Privacy Policy

Zion Health (the “Company” “us” or “we” or “Zion HealthShare) is committed to maintaining robust privacy protections for individuals and its members accessing the Company’s website(s) (each, a “Site”) or utilizing its services, whether online or otherwise (“Services”). This Privacy Policy is designed to inform users of how Zion HealthShare, its affiliates, subsidiaries, or related companies (“we”, “us”, or “our”) gather and use personal information collected by us on or through our Service. For purposes of this Privacy Policy, the “Service” includes: (1) the websites owned or operated by Zion HealthShare now, or in the future, including, but not limited to, www.zionhealthshare.org (collectively, the “Site”); (2) Zion HealthShare’s subdomains and all related services and products provided in connection with the Site.

YOU SHOULD READ THIS PRIVACY POLICY CAREFULLY PRIOR TO ACCESSING THE SITE OR USING THE SERVICES.

1. INTRODUCTION

By using the Service, you accept and hereby expressly consent to the terms of this Privacy Policy and to our use and processing of Personal Information (as defined hereunder) for the purposes set forth herein. “You” or “your” or similar terms refer to you as a user of our Service. By accepting our Privacy Policy during registration, or by using the Service, you expressly consent to our collection, use, disclosure, storage, and processing of your Personal Information (as defined below) in accordance with this Privacy Policy.

2. INFORMATION COVERED BY THIS PRIVACY POLICY

This Privacy Policy covers how Zion HealthShare treats your personally identifiable information that Zion HealthShare collects, receives, maintains, stores, or transmits including, but not limited to, information you transmit or submit in connection with your use of, or interaction with, the Service (“Personal Information”). Your Personal Information includes, but is not limited to, information that individually identifies you or is information about you that can be traced back to you, your IP address, or your location. It may include, but is not limited to, your name, address, email address, phone number, other contact information, and any information you choose to share via the Service.

3. INFORMATION COLLECTED BY THE SERVICE

Zion HealthShare collects Personal Information that you choose to provide to us, including any Personal Information you provide in connection with your use of the Service, regardless of how you provide it. It is always your choice whether or not to provide us with your Personal Information. If you choose not to provide Personal Information, you may not be able to use certain features or functions of the Service. Whenever you use the Service, Zion HealthShare also receives and records information on our server logs from your browser, including your IP address, Zion HealthShare’s cookie information, the pages you request, and relates it to the Personal Information you provide.

Examples of how and why Zion HealthShare collects Personal Information include:

• Registration – We collect your Personal Information as part of the registration process for our Service. For example, to process your registration, or use of the Service, we may collect Personal Information such as your email, login, password, phone number, date of birth, your interest in the Service, and how you found the Service.

• Self-Reported Personal Information – We collect Personal Information that you provide or enter during the course of using the Service or that you choose to provide to us through any devices that you use to collect information regarding your health and/or medical condition and related behaviors or that you have others provide on your behalf such as information or records relating to your medical or health history, health status and laboratory testing results, prescriptions, and other health-related information.

• Health Care Payer or Company (Employer) – If you are receiving the Service through your health care payer or company, we may receive information as provided by your health care payer or company, or information provided by a third-party on the health care payer’s or copmany’s behalf.

• Social Information – We collect information that you provide to us pertaining to the people with whom you consent to share your Personal Information (such as a family member or caregiver), as well as communications between you and such individuals.

• User Content – We collect information that you submit through the Service including messages, chats, reviews, photos, videos, images, folders, data, text, and other types of submissions that you provide in connection with the use of the Service.

• Automatically Tracked Information – We may also use automated tracking methods such as cookies, flash cookies, web beacons, GPS data, and connected accelerometers to collect information regarding your behaviors relative to the Service including, but not limited to, information related to your equipment, browsing actions and patterns, traffic and location data, the resources you access and use, and information about your internet connection including, but not limited to, your IP address, operating system, and browser type. We may also use these technologies to collect information regarding your interaction with our email messages such as whether you opened, clicked, or forwarded our email.

When you access our Service from a mobile device, we may collect unique identification numbers associated with your device (including, for example, a UDID, Unique ID for Advertisers (“IDFA”), Google AdID, or Windows Advertising ID), mobile carrier, device type, model and manufacturer, mobile device operating system brand and model, phone number, and, depending on your mobile device settings, your geographical location data, including GPS coordinates (e.g., latitude and/or longitude) or similar information regarding the location of your mobile device, or we may be able to approximate a device’s location by analyzing other information, like an IP address. We and our third-party partners may also use cookies and tracking technologies for advertising purposes.

• Demographic Information – We may collect demographic information as you continue to use the Service such as your unique username and password, mailing address, age, gender, social security number, driver’s license number, geographic location, preferences, payment information (such as your payment card number, expiration date, and billing address), and any applicable insurance information.

• Surveys and/or Assessments – From time to time, we may send you assessments and survey questions to help us understand your knowledge of the Service and to provide us with feedback on the Service. We collect any responses that you provide.

• Augmenting – From time to time, we may use or augment your Personal Information with information obtained from third parties and sources other than the Service such as, without limitation, our partners, advertisers, or from Zion HealthShare (as such term is defined hereunder) and other providers. An example of such a third party includes analytics providers such as Google Analytics (see below for additional information regarding how our Service uses Google Analytics and other similar third parties).

Cookies, Web Beacons, Research and Analytics, and Other Tracking Technologies

We use technology to automatically or passively store or collect certain information when you visit or interact with the Service. These technologies include “cookies” and “web beacons” (and subsequent technologies and methods later developed which perform a similar function), which are used to collect and store usage information regarding your use of the Service. We use this information for a variety of purposes, including, but not limited to, assessing the performance of, or enhancing your experience with, the Service.

• Cookies – Cookies are small text files that we, or our third-party partners, place in visitors’ computer browsers or devices to store the visitor’s preferences. The use of cookies is standard on the Internet and allows us to tailor your visits to the Service to your individual preferences. We may also contract with third party service providers who assign cookies to conduct site tracking for us. These companies use cookies solely to provide us with aggregate data about traffic to the Service. Although most web browsers automatically accept cookies, you can change your browser to prevent cookies or notify you whenever you are sent a cookie. Cookies may be session-based cookies that are removed after a user leaves a website or persistent cookies that are stored on a user’s computer permanently or until the expiration date. We may use both session cookies and persistent cookies. Users can delete cookies via their browser settings. Cookies themselves do not contain any Personal Information. Please note that if you delete or disable cookies from the Service, you may not be able to utilize the features of the Service to its fullest potential.

• Flash cookies – Flash cookies are locally stored objects that may be incorporated in certain features of the Service to collect and store information about your preferences and navigation to, from and on the Service. Flash cookies are not managed by the same browser settings as are used for browser cookies.

• Web beacons – Web beacons (also known as clear gifs, pixel tags, and single pixel gifs) are small pieces of code placed on a web page to monitor the behavior and collect data about the visitors viewing a web page that help Zion HealthShare manage online advertising and traffic. This information enables Zion HealthShare to learn which emails and advertisements bring users to our Service. For example, web beacons can be used to count the users who visit a web page or to deliver a cookie to the browser of a visitor viewing that page. We may use web beacons for this purpose including in our emails to measure the effectiveness of our email campaigns by identifying the individuals who open or act upon an email message, when an email message is opened, how many times an email message is forwarded, the type of software, device, operating system, and browser used to deliver the email and any URL accessed through our email message.

Disabling Cookies

You may set your browser to refuse all or some browser cookies, or to alert you when cookies are being sent. Please refer to your browser “Help” instructions to learn more about cookies and other technologies and how to manage their use. If you elect to refuse or delete cookies, you will need to repeat this process if you use another device or change browsers. The Network Advertising Initiative provides instructions and information on how to opt out of communications: http://www.networkadvertising.org/choices/. You can use your browser settings to decide whether to turn on and off cookies for our Service. To learn how you can manage your Flash cookie settings, visit the Flash player settings page on Adobe’s website. If you disable or refuse cookies, please note that some of the Service may be inaccessible or not function properly.

Analytics Tools

We also use analytics tools including Google Analytics to better understand how visitors interact with our Service. These tools provide anonymous information, including, but not limited to, data on where visitors came from, what actions they took while interacting with the Service, and where visitors went when they ceased interacting with the Service.

Google Analytics

We use Google Analytics, a web analytics service provided by Google, Inc. (“Google”) to collect certain information relating to your use of the Service. Google Analytics uses cookies to analyze how users use the Service. You can find out more about how Google uses data by visiting the following website: www.google.com/policies/privacy/partners/. We may also use Google Analytics Advertising Features or other advertising networks to provide you with interest-based advertising based on your online activity. For more information regarding Google Analytics please visit Google’s website, and pages that describe Google Analytics, such as www.google.com/analytics/learn/privacy.html.

Other Tools

There may be other tracking technologies now and later devised and used by us in connection with the Service. Further, third parties may use tracking technologies with our Service. We do not control these tracking technologies, and we are not responsible for them. However, you consent to potentially encountering third-party tracking technologies in connection with your use of the Service and accept that this Privacy Policy does not apply to the tracking technologies or practices of such third parties. In such cases, you must check with the third party to confirm how your information is collected and used.

California Do Not Track Disclosure

We currently do not support the Do Not Track browser setting or respond to Do Not Track signals. Do Not Track (or DNT) is a preference you can set in your browser to let the websites you visit know that you do not want it collecting certain information about you.

4. HOW WE USE AND DISCLOSE YOUR PERSONAL INFORMATION

In general, we will not rent or sell your Personal Information. Also, we will not share your Personal Information with other people or non-affiliated companies except in connection with providing the Service, when we otherwise have your permission, as permitted, or required by the Notice of Privacy Practice (the “NPP”), or as expressly permitted or required under this Privacy Policy, including under the following general circumstances.

Using Your Personal Information

We, or a third party on our behalf, use information we collect on the Service in a variety of ways in providing the Service and operating our organization, including, but not limited to, the following:

• providing you with the Service;

• providing you with services and information that you request;

• verifying your identity;

• personalizing your experience with the Service;

• processing payment card transactions;

• performing engagement and outreach activities and call monitoring;

• providing you with information about other goods and services we offer that are similar to those that you have already signed up for or inquired about;

• notifying you about changes to the Service, the Terms, and/or this Privacy Policy;

• operating, maintaining, and improving our Service and improving the content and functionality of the Service;

• administering the Service and for internal operations, including troubleshooting, data analysis, product and functionality development, patient experience, peer review, quality control and assurance, understanding and analyzing usage trends and user preferences, support, testing, research, statistical and survey purposes, responding to law enforcement requests as required by applicable law, investigating and defending ourselves against any claims or allegations, pursue business development opportunities including, but not limited to, evaluating or conducting a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of Zion HealthShare’s assets;

• responding to user submissions, comments, and questions;

• creating de-identified datasets, to the extent permitted by applicable law;

• creating aggregated datasets, to the extent permitted by applicable law;

• protecting the personal safety of users of the Service and defending and protecting our rights, property, employees, customers or patients;

• keeping our Service safe and secure;

• developing, displaying and tracking content and advertising tailored to your interests on our Service and other sites, including providing our advertising to you when you visit other websites or applications;

• providing services as a business associate on behalf of, or to facilitate the services of, the Zion HealthShare including, but not limited to, disseminating the NPP, providing you with certain communications via email, text messages, or other means that contain PII, PHI, and/or PCI-DSS and sending you appointment reminders; and

• rendering any services, provide information, or for any other use permitted by applicable law including for research purposes.

Disclosing Your Personal Information

Except as described in this Privacy Policy, we will not disclose Personal Information that we collect on the Service to third parties without your consent. However, we may disclose Personal Information that we collect on the Service to third parties, to the fullest extent permitted by law, for the following reasons:

• we may disclose your Personal Information to Zion HealthShare or other providers for treatment, payment processing, or operational purposes;

• we may disclose your Personal Information to your insurance company, health plan, employer, sponsor, or third-party administrator for purposes of billing and payment for our Service;

• we may share your Personal Information with certain third parties to provide the Service to you on our behalf under confidentiality agreements, including, but not limited to, our third-party service providers such as website, application development, cloud hosting, maintenance, payment processors, and analytics service providers;

• we may be required to disclose your Personal Information in response to a legal process, for example, in response to a court order or a subpoena to comply with its applicable legal and regulatory reporting requirements;

• we may disclose your Personal Information in response to a law enforcement agency’s request, or where it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of the Terms, to verify or enforce compliance with applicable laws, or as otherwise required or permitted by law, and to take precautions against liability and to protect our property or other legal rights;

• we may transfer your Personal Information to an entity or individual that acquires, buys, or merges with Zion HealthShare, or our other business units, including during the course of any due diligence process to explore such a transaction, or to explore and complete a divestiture, restructuring, reorganization, dissolution, bankruptcy, or change of control or ownership or sale of its assets (whether in whole or in part);

• we may license, sell or otherwise share de-identified, aggregated, or non- aggregated versions of your Personal Information with institutional clients, partners, investors and contractors for any purposes related to our marketing, business, and/or research practices;

• we may disclose your Personal Information in accordance with your prior written consent or authorization;

• we may disclose Personal Information to our subsidiaries, affiliates, and related companies; and

• we may disclose Personal Information to third party advertisers to develop and display advertising tailored to your interests or location.

Use / Disclosure of Information Submitted to Groups

You acknowledge that our Service may include in the future features such as group discussions, discussion boards, forums, profile pages, bulletin boards, instant messaging, polls, and other communication forums (collectively, “Groups”). You acknowledge and agree that any information you submit, post, or disclose to such Groups including, but not limited to, user profile information, user profile pictures, discussion board postings, and any Personal Information included in such postings, may be visible to other users and providers of the Service including, but not limited to, your health coaches, authorized personnel, administrators, and other users of the Service.

IN THE CASE OF YOUR USE OF GROUPS, WE ARE NOT RESPONSIBLE FOR THE USE BY OTHERS OF ANY INFORMATION, INCLUDING PERSONAL INFORMATION, THAT IS DISCLOSED BY YOU OR ON YOUR BEHALF IN SUCH GROUPS. BY DISCLOSING ANY OF YOUR INFORMATION VIA GROUPS, YOU ACKNOWLEDGE AND ACCEPT ANY RISK AND DAMAGE ARISING FROM THE DISCLOSURE OF SUCH INFORMATION.

5. CONFIDENTIALITY AND SECURITY

We take reasonable steps to ensure that all Personal Information collected will remain secure and in its original form (i.e., free from any alteration). We have put in place appropriate physical, electronic, and administrative safeguards in compliance with federal and state law, including HIPAA, to help prevent unauthorized access, maintain data security, and correct use of the Personal Information we collect. We cannot, however, ensure or warrant the security of any Personal Information you transmit to us, and you do so at your own risk. Once we possess your transmission of information, we use commercially reasonable efforts to ensure the security of our systems. However, please note that this is not a guarantee that such information may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or administrative safeguards.

The Service may contain links to Third Party Offerings (as such term is defined in the Terms). Before using any Third-Party Offerings or related services, you must review and accept the terms of use and privacy policies for those sites and/or services. We are not responsible for the privacy policies and/or practices of any Third-Party Offerings, and we are not responsible or liable for the availability, reliability, content, functions, performance, accuracy, legality, appropriateness, services, materials, or any other aspect of such Third- Party Offerings. This Privacy Policy only governs information collected by our Service. When you access any Third-Party Offerings, you do so at your own risk, and you understand and agree that you are solely responsible for reading and understanding any terms of use and/or privacy policies that apply to such Third-Party Offerings. Zion HealthShare is not responsible for and will not be a party to any transactions between you and a third- party provider of products, information, or services. Zion HealthShare does not monitor such interactions to ensure the confidentiality of your Personal Information. Any separate charges, data records or obligations you incur in your dealings with Third-Party Offerings are solely your responsibility.

6. ACCESSING AND CHANGING YOUR INFORMATION

You may review and request changes to your Personal Information or request additional information about our collection, use and disclosure of such information by contacting us at info@zionhealthshare.org. We try to keep our records as accurate and complete as possible. You can help us maintain the accuracy of your information by promptly notifying us of any changes to your Personal Information. You may update, correct, or delete your profile information and preferences at any time by emailing mcadmin@zionhealthshare.org. Any changes you make will be reflected in active user databases within a reasonable period of time; however, we may retain all information you submit for backups, archiving, prevention of fraud or abuse, analytics, satisfaction of legal obligations, or where we otherwise reasonably believe that we have a legitimate reason to do so. We may not be able to modify or delete your information in all circumstances. In addition, you may request that we provide you with the information we hold about you; however, your rights to access your Personal Information are not absolute. We may deny you access when required and/or permitted by applicable laws or if disclosure would likely reveal personal information about a third party.

7. CHILDREN’S PRIVACY

Our Service is neither intended for nor designed to attract users who are under the age of 18. If you are under the age of 18, or we are not otherwise able to offer Service functionality to you because you are deemed a minor (for example, you are not an emancipated minor), do not use the Service. However, depending upon the Service functionality available to you, a parent, guardian, conservator, or custodian or similar legally authorized person (“Authorized Person”) may register for access to the Service and use it on your behalf. Upon turning 18, we will cease providing Service access to the Authorized Person and, depending on the Service functionality available to you, we may:

• permanently disable the Authorized Person’s account;

• require you to register for desired access to the Service;

• request that you indicate whether the Authorized Person may continue to act on your behalf;

• seek confirmation that you have taken over the account for access to the Service on behalf of the Authorized Person; and/or

• otherwise communicate with you and/or the Authorized Person in accordance with applicable law, your communication preferences, or otherwise.

Our Service is not directed to children under the age of 13, and we do not knowingly collect information from children under the age of 13 without obtaining parental consent. If you are under 13 years of age, then please do not use or access the Service at any time or in any manner. If we learn that a person under 13 years of age has used or accessed the Service or any information has been collected on the Service from persons under 13 years of age, then we will take the appropriate steps to delete this information. If you are a parent or guardian and discover that your child under 13 years of age has obtained an account on or otherwise accessed the Service, then you may alert us at info@zionhealthshare.org and request that we delete your child’s information from our systems.

8. OPT OUT

You may affirmatively opt out of receiving future emails from Zion HealthShare and may remove your name from our marketing mailing lists. The opt-out provisions do not apply to information collected by cookies or used internally to recognize you and/or facilitate your use of the Service or information we may retain to comply with legal requirements. Opting out will not prevent your access to the Service and you will continue to receive administrative messages about the Service from us. If you no longer consent to us collecting, using, and sharing your Personal Information in accordance with this Privacy Policy, you may withdraw from the Service at any time by emailing Zion HealthShare’s Member Care Admin team at admin@zionhealthshare.org.

9. CHANGES TO OUR PRIVACY POLICY

By using the Service, you agree to the current Privacy Policy, as well as our Terms into which this Privacy Policy is incorporated. Zion HealthShare reserves the right, in our sole discretion, to modify or amend this Privacy Policy at any time. Use of information we collect is subject to the Privacy Policy in effect at the time such information is used or disclosed. If we make any material changes to the ways in which Personal Information is collected, used or transferred, as determined by Zion HealthShare, we will notify you of these changes by modification of this Privacy Policy, which will be available for your review through the Service and the last revision date will be noted at the beginning or end of this Privacy Policy. You should review this Privacy Policy periodically so that you are up to date on our most current policies and practices. Your continued use of the Service after receiving notice signifies your acceptance of any such changes. If the modified Privacy Policy is not acceptable to you, your only recourse is to cease using the Service.

10. PROTECTED HEALTH INFORMATION

Some of the information that you provide to Zion HealthShare, or that is created through your use of the Service, may be considered “Protected Health Information” or “PHI” as defined in the Health Insurance Portability and Accountability Act (“HIPAA”). PHI is subject to Zion HealthShare’s Notice of Privacy Practices (the “NPP”). The NPP describes how Zion HealthShare uses and discloses your PHI and also describes your rights with respect to your PHI. To the extent that this Privacy Policy conflicts with the NPP, the NPP will prevail. In addition, to the extent a capitalized term is undefined in this Privacy Policy, it will have the same meaning as prescribed to it in our Terms of Service (the “Terms”). To the extent that this Privacy Policy conflicts with the Terms, this Privacy Policy will control. BY USING THE SERVICE, YOU ACKNOWLEDGE RECEIPT OF THE ZION HEALTHSHARE NPP.

In addition, your use of the Service may involve our receipt of PHI. PHI is Personal Information that relates to

• your past, present, or future physical or mental health or condition;

• the provision of health care to you; and

• your past, present, or future payment for the provision of health care, which is created, received, transmitted, or maintained by us.

This Privacy Policy describes how we protect your privacy as a visitor or general user of our Service. You have additional rights under federal and state law with respect to PHI. For more information on those rights, and how Zion HealthShare uses and discloses your PHI, refer to the NPP.

In addition to the permitted uses of Personal Information that are set forth in this Privacy Policy, we may use your Personal Information to:

• send you communications on behalf of Zion HealthShare and to facilitate the provision of health care services to you by Zion HealthShare;

• and invite you to participate in IRB-approved research studies regarding the Service.

In addition to the permitted disclosures of Personal Information that are set forth in this Privacy Policy, and to the extent permitted by applicable law, we may, in our sole discretion and as we deem necessary or otherwise appropriate, disclose your Personal Information to an appropriate health care provider to address concerns regarding the safety and well- being of a user.

11. SPECIAL NOTICE TO CALIFORNIA RESIDENTS

For California residents, this section describes the rights you may have under California law. These disclosures are intended to supplement this Privacy Policy with information required by California law. To understand what Personal Information we may have collected about you, from where we collected it, and what we do with it, please see Sections 3 and 4 of this Privacy Policy above.

We disclose the following categories of personal information for business or commercial purposes to the categories of recipients listed below:

• Categories of Personal Information – Categories of Third Parties with Whom Personal Information is Shared

• Identifier – Affiliates; Outside Contractors; Third-Party Sellers; Third-Party Partners; Other Users; Analytics, Advertising and Social media Platforms and Networks; Laws and Legal Rights

• Commercial and Financial Information – Affiliates; Outside Contractors; Third-Party Sellers; Third-Party Partners; Laws and Legal Rights

• Health Information – Affiliates; Outside Contractors; Third-Party Partners; Laws and Legal Rights

• Demographic Information – Affiliates; Outside Contractors; Laws and Legal Rights

• User-Submitted Content – Affiliates; Outside Contractors; Third-Party Sellers; Third- Party Partners; Other Users; Laws and Legal Rights

• Email or Refer a Friend – Affiliates; Outside Contractors; Laws and Legal Rights

• Audio-Visual Information – Affiliates; Outside Contractors; Laws and Legal Rights

• Device Information – Affiliates; Outside Contractors; Analytics, Advertising and Social media Platforms and Networks; Laws and Legal Rights

• Internet or Other Network Activity – Affiliates; Outside Contractors; Analytics, Advertising and Social media Platforms and Networks; Laws and Legal Rights

• Inferences – Affiliates; Outside Contractors; Third-Party Partners Analytics, Advertising and Social Media Platforms and Networks; Analytics, Advertising and Social Media Platforms and Networks; Laws and Legal Rights

• Sensitive Personal Information – Affiliates; Outside Contractors; Third-Party Partners; Laws and Legal Rights

Your Rights

Under California law, you have a right to notice, upon collection, of the categories of Personal Information collected and the purposes for which the Personal Information will be used. We have provided this notice through this Privacy Policy. In addition, California residents have additional rights, subject to certain limitations, including:

• Access: You have the right to access a copy of the categories and specific pieces of Personal Information that we have collected about you.

• Correction: You have the right to request that we correct inaccurate Personal Information that we hold about you, taking into account the nature of the Personal Information and the purposes of the processing of the Personal Information.

• Deletion: You have the right to request that we delete or anonymize your Personal Information, with certain exceptions.

• Sale/Sharing Opt-out: You have the right to opt-out of the sale of your Personal Information.

• No Retaliation: You have the right to be free from discrimination for exercising your rights.

• Right to Limit Use of Sensitive Personal Information: You have the right to limit use of sensitive Personal Information where such information is used to infer characteristics about the consumer (such as for marketing purposes).

Exercising Your Right to Access, Correction, or Deletion

To submit a request to access, correct, delete your information, or exercise your right as a consumer or as an authorized agent, send an email to info@zionhealthshare.org. Once we receive a request, we will take steps to verify your request and will ask for information that is reasonable in light of the nature of your request.

If an authorized agent is used to make a request on your behalf, we require the authorized agent to provide proof that you gave them permission to submit the request on your behalf. We may also require you to verify your identity directly with us.

Limit Use of Sensitive Personal Information

You can opt out of certain uses of your Sensitive Personal Information by sending an email to info@zionhealthshare.org.

Sale of Personal Information

Zion HealthShare does not sell or share Personal Information in exchange for money. However, we may share Personal Information with our partners to understand how you use our Service, to customize your experience when you use our Service, to market to you, to improve our products and services, and to provide advertisements on other websites that we or our partners believe will be of interest to you. In addition, Zion HealthShare uses cookies and similar technologies to enhance Service navigation, analyze Service usage, and assist in marketing efforts (including targeted advertising). In some cases, sharing for these purposes may be considered a “sale” of information under California law.

The categories of Personal Information disclosed that may be considered a “sale” under California law are Identifiers, Device Information, Internet or Other Network Activity, and Inferences.

The categories of third parties to whom Personal Information was disclosed that may be considered a “sale” under California law are: Third-Party Partners, Third-Party Sellers, and Analytics, Advertising and Social Media Platforms and Networks.

We do not sell, or have actual knowledge of any sale of, the Personal Information of minors under 16 years of age.

Questions

If you have any questions about these privacy rights, please contact us at the contact information below.

Zion HealthShare, 1141 W Silicon Cir A, St. George, UT 84770, or email info@zionhealthshare.org.

12. SPECIAL NOTICE TO COLORADO RESIDENTS

For Colorado residents, this section describes the rights you may have under Colorado law as of July 1, 2023. These disclosures are intended to supplement this Privacy Policy with information required by Colorado law. To understand what Personal Information we may have collected about you, from where we collected it, and what we do with it, please see Sections 3 and 4 of this Privacy Policy above. We do not use your Personal Information to make decisions with legal or similar significant effects for you based on the automated processing of your Personal Information. In addition, the table below describes for each purpose for which we process Personal Information, the categories of Personal Information we process and share with third parties and the categories of third parties with whom Personal Information is shared:

Processing Purpose: Providing our Service
- Personal Information Processed and Shared:
  - Identifiers
  - Commercial and Financial Information
  - Health Information
  - Demographic Information
  - User-submitted Content
  - Email or Refer a Friend
  - Audio-visual Information
  - Device Information
  - Internet or Other Network Activity
  - Inferences
- Categories of Third Parties with Whom Personal Information is Shared:
  - Affiliates
  - Outside Contractors
  - Third-Party Sellers
  - Third-Party Partners
  - Other Users
  - Laws and Legal Rights
Processing Purpose: Communicating with You
- Personal Information Processed and Shared:
  - Identifiers
  - User-submitted Content
  - Email or Refer a Friend
  - Inferences
  - Sensitive Personal Information
- Categories of Third Parties with Whom Personal Information is Shared:
  - Affiliates
  - Outside Contractors
  - Third-Party Sellers
  - Third-Party Partners
  - Laws and Legal Rights
Processing Purpose: Analytics and Personalization
- Personal Information Processed and Shared:
  - Identifiers
  - Commercial and Financial Information (limited to purchasing or consuming histories or tendencies)
  - Demographic Information
  - User-submitted Content
  - Device Information
  - Internet or Other Network Activity
  - Inferences
  - Sensitive Personal Information (however, we only use Sensitive Personal Information internally for marketing purposes and do not share this information with third parties for their own marketing purposes).
- Categories of Third Parties with Whom Personal Information is Shared:
  - Affiliates
  - Outside Contractors
  - Third-Party Sellers
  - Third-Party Partners
  - Analytics, Advertising, and Social Media Platforms and Networks
Processing Purpose: Business Functions
- Personal Information Processed and Shared:
  - Identifiers
  - Commercial and Financial Information
  - Demographic Information
  - User-submitted Content
  - Audio-visual Information
  - Device Information
  - Internet or Other Network Activity
  - Inferences
  - Sensitive Personal Information
- Categories of Third Parties with Whom Personal Information is Shared:
  - Affiliates
  - Outside Contractors
  - Laws and Legal Rights
Processing Purpose: Security and Fraud Prevention
- Personal Information Processed and Shared: ·
  - Identifiers
  - Commercial and Financial Information
  - Health Information
  - User-submitted Content
  - Email or Refer a Friend
  - Audio-visual Information
  - Device Information
  - Internet or Other Network Activity
  - Inferences
  - Sensitive Personal Information
- Categories of Third Parties with Whom Personal Information is Shared:
  - Affiliates
  - Outside Contractors
  - Laws and Legal Rights
Processing Purpose: Legal Rights and Obligations
- Personal Information Processed and Shared: ·
  - Identifiers
  - Commercial and Financial Information
  - Health Information
  - Demographic Information
  - User-submitted Content
  - Email or Refer a Friend
  - Audio-visual Information
  - Device Information
  - Internet or Other Network Activity Inferences
- Categories of Third Parties with Whom Personal Information is Shared:
  - Affiliates
  - Outside Contractors
  - Laws and Legal Rights

Your Rights

Beginning on July 1, 2023, and subject to certain limitations, Colorado residents have the rights below:

• Access: You have the right to access a copy of the specific pieces of Personal Information that we have collected about you.

• Portability: When you exercise your right to access, you also have the right to receive your Personal Information in a portable and, to the extent technically feasible, readily usable format.

• Deletion: You have the right to request that we delete or anonymize your Personal Information, with certain exceptions.

• Sale/Sharing Opt-out: You also have the right to opt-out of targeted advertising and the sale of your Personal Information.

Exercising Your Right to Access, Portability, Correction, or Deletion

To submit a request to access (including a request to obtain Personal Information in a portable format), correct, delete your information, or exercise your rights as a consumer or as an authorized agent, send an email to info@zionhealthshare.org. Once we receive a request, we will take steps to verify your request. We will ask for information that is reasonable in light of the nature of your request.

To use an authorized agent to make a request on your behalf, we may need the authorized agent to provide proof that you gave the authorized agent permission to submit the request on your behalf. We may also require you to verify your identity directly with us.

If we deny your request, you may appeal your request within 30 days from when your request was denied by contacting the Privacy Officer at the contact information below. You have the right to contact the Colorado Attorney General if you have concerns about the results of your appeal.

Zion HealthShare, 1141 W Silicon Cir A, St. George, UT 84770, or email info@zionhealthshare.org.

Sale of Personal Information

Zion HealthShare does not sell or share Personal Information in exchange for money. However, we may share Personal Information with our partners to understand how you use our Service, to customize your experience when you use our Service, to market to you, to improve our products and services, and to provide advertisements on other websites that we or our partners believe will be of interest to you. In some cases, sharing for these purposes may be considered a “sale” of information under Colorado law. In addition, Zion HealthShare uses cookies and similar technologies to enhance Service navigation, analyze Service usage, and assist in marketing efforts (including targeted advertising).

Questions

If you have any questions about these privacy rights, please contact us at the contact information below.

Zion HealthShare, 1141 W Silicon Cir A, St. George, UT 84770, or email info@zionhealthshare.org.

13. SPECIAL NOTICE TO CONNECTICUT RESIDENTS

For Connecticut residents, this section describes the rights you may have under Connecticut law as of July 1, 2023. These disclosures are intended to supplement this Privacy Policy with information required by Connecticut law. To understand what Personal Information we may have collected about you, from where we collected it, and what we do with it, please see Sections 3 and 4 of this Privacy Policy above. We do not use your Personal Information to make decisions with legal or similar significant effects for you based on the automated processing of your Personal Information.

Your Rights

Beginning July 1, 2023, and subject to certain limitations, Connecticut residents have the rights below:

• Confirmation of Processing and Access: You have the right to confirm whether we process Personal Information about you and to access a copy of the specific pieces of Personal Information that we have collected about you.

• Portability: When you exercise your right to access, you also have the right to receive your Personal Information in a portable and, to the extent technically feasible, readily usable format.

•Correction: You have the right to request that we correct inaccurate Personal Information that we hold about you, taking into account the nature of the Personal Information and the purposes of the processing of the Personal Information.

•Deletion: You have the right to request that we delete or anonymize your Personal Information, with certain exceptions.

• Sale/Sharing Opt-out: You also have the right to opt-out of targeted advertising and the sale of your Personal Information.

Exercising Your Right to Access, Portability, Correction, or Deletion

If we refuse your request, we will notify you providing our reasons. You may appeal your request within 30 days from when your request was denied by contacting the Privacy Officer at the contact information below. If the appeal is denied, we will provide a way for you to contact the Connecticut Attorney General to submit a complaint.

Zion HealthShare, 1141 W Silicon Cir A, St. George, UT 84770 or email info@zionhealthshare.org.

Sale of Personal Information

Zion HealthShare does not sell or share Personal Information in exchange for money. However, we may share Personal Information with our partners to understand how you use our Service, to customize your experience when you use our Service, to market to you, to improve our products and services, and to provide advertisements on other websites that we or our partners believe will be of interest to you. In some cases, sharing for these purposes may be considered a “sale” of information under Connecticut law. In addition, Zion HealthShare uses cookies and similar technologies to enhance Service navigation, analyze Service usage, and assist in marketing efforts (including targeted advertising).

Questions

If you have any questions about these privacy rights, please contact us at the contact information below.

Zion HealthShare, 1141 W Silicon Cir A, St. George, UT 84770 or email info@zionhealthshare.org.

14. SPECIAL NOTICE TO UTAH RESIDENTS

For Utah residents, this section describes the rights you may have under Utah law as of December 31, 2023. These disclosures are intended to supplement this Privacy Policy with information required by Utah law. To understand what Personal Information we may have collected about you, from where we collected it, and what we do with it (including who we disclose it to), please see Sections 3 and 4 of this Privacy Policy above.

Your Rights

Beginning December 31, 2023, and subject to certain limitations, Utah residents have the rights below:

• Portability: When you exercise your right to access, you also have the right to receive your Personal Information in a portable and, to the extent technically feasible, readily usable format.

• Correction: You have the right to request that we correct inaccurate Personal Information that we hold about you, taking into account the nature of the Personal Information and the purposes of the processing of the Personal Information.

• Deletion: You have the right to request that we delete or anonymize your Personal Information, with certain exceptions.

Exercising Your Right to Access, Portability, Correction, or Deletion

Zion HealthShare, 1141 W Silicon Cir A, St. George, UT 84770, or email info@zionhealthshare.org.

Sale of Personal Information

Zion HealthShare does not sell or share Personal Information in exchange for money.

Questions

If you have any questions about these privacy rights, please contact us at the contact information below.

Zion HealthShare, 1141 W Silicon Cir A, St. George, UT 84770 or email info@zionhealthshare.org.

15. SPECIAL NOTICE TO VIRGINIA RESIDENTS

For Virginia residents, this section describes the rights you may have under Virginia law as of January 1, 2023. These disclosures are intended to supplement this Privacy Policy with information required by Virginia law. To understand what Personal Information we may have collected about you, from where we collected it, and what we do with it (including who we disclose it to), please see Sections 3 and 4 of this Privacy Policy above. We do not use your Personal Information to make decisions with legal or similar significant effects for you based on the automated processing of your Personal Information.

Your Rights

Beginning January 1, 2023, and subject to certain limitations, Virginia residents have the rights below:

• Portability: When you exercise your right to access, you also have the right to receive your Personal Information in a portable and, to the extent technically feasible, readily usable format.

• Correction: You may have the right to request that we correct inaccurate Personal Information that we hold about you, taking into account the nature of the Personal Information and the purposes of the processing of the Personal Information.

• Deletion: You have the right to request that we delete or anonymize your Personal Information, with certain exceptions.

• Sale/Sharing Opt-out: You also have the right to opt-out of targeted advertising and the sale of your Personal Information.

Exercising Your Right to Access, Portability, Correction, or Deletion

Zion HealthShare, 1141 W Silicon Cir A, St. George, UT 84770 or email info@zionhealthshare.org.

Sale of Personal Information

Zion HealthShare does not sell or share Personal Information in exchange for money.

Questions

If you have any questions about these privacy rights, please contact us at the contact information below.

Zion HealthShare, 1141 W Silicon Cir A, St. George, UT 84770 or email info@zionhealthshare.org.

16. USERS OUTSIDE THE UNITED STATES

The Service may only be used within certain jurisdictions within the United States as set forth in the Terms. Accordingly, this Privacy Policy, and our collection, use, and disclosure of your information, is governed by U.S. law, and by using the Service, you acknowledge that the Service will be governed by U.S. law. Using the Service from outside the United States is prohibited under our Terms and may subject you to termination of your use of the Service under such Terms. In no event will Zion HealthShare or any of its officers, directors, employees, consultants, subsidiaries, agents, and affiliated entities, including Zion HealthShare be liable for any losses or damages arising from your use of the Service outside of the United States, and you waive any claims that may arise under the laws of your location outside the United States. Notwithstanding the foregoing, we do not represent or warrant that the Service is appropriate or available for use in any particular jurisdiction. If you choose to use the Service from the European Union or other regions of the world with laws governing data collection and use that may differ from U.S. law, then please note that you are transferring your personal information outside of those regions to the United States for storage and processing. Also, we may transfer your data from the United States to other countries or regions in connection with storage and processing of data, fulfilling your requests, and operating the Service. By providing any information, including PII, PHI, and/or PCI-DSS on or to the Service, you consent to such transfer, storage, and processing.

17. QUESTIONS AND SUGGESTIONS

If you have questions or suggestions, please contact:

Zion HealthShare, 1141 W Silicon Cir A, St. George, UT 84770 or email info@zionhealthshare.org.

Updated 9/25/2023