FitHub PrivacyPolicy
‍Last Updated: January 8,2023
This FitHub Privacy Policy(this “Privacy Policy”) applies to the websites, applications, and electronic communications on which it appears (the “Platform”). The policy describes how FitHub,Inc. as well as our affiliates (collectively, “FitHub”, “the Company”, “we”, or“ us”) collect, use, disclose, store and otherwise process Personal Information and Health Information (each defined below) about you. Please read this Privacy Policy carefully, by interacting with us through the Platform you consent to this Policy.

I.APPLICATION OF THIS PRIVACY POLICY TO FITHUB SERVICES AND WEBSITES FitHub Services
‍FitHub services provided by the Company (the “Services”) are an interactive health risk assessment and health and wellness management program that generates reports and recommended plans of action, as well as educational materials, based on information entered into the system. This information maybe entered by you or by someone using the Services on your behalf (such as a friend, family member, or other person). These reports can be used by you to learn more about Health Information (defined below), and to track and monitor your health and wellness situation. The more you engage with the Services, the more you will learn about your particular health situation. We provide the Services to you on behalf of an employer, employee benefits administrator, pharmacy, retailer or other entity that provided you access to FitHub (“Third Party Provider”), in some cases through an embedded or co-branded website. We are contractually bound to process Personal Information under their instructions, and we strongly advise you to review privacy notices provided by any Third Party Provider. FitHub Websites In addition to information collected through the Services, we also collect information about individuals who visit FitHub-operated websites that link to this Privacy Policy (collectively, the “Site”).

‍II. WHATIS PERSONAL INFORMATION AND HEALTH INFORMATION?
‍“Personal Information” means information that would allow someone to identify, relates to, describes, or is reasonably capable of being associated with or linked to an individual. For example, your name, address, telephone number, and e-mail address. Personal Information does not include aggregated information that, by itself, does not permit the identification of individual persons, such as statistics about how many visitors FitHub received last month. “Sensitive Personal Information” means information that would identify someone by revealing their racial or ethnic origin; political opinions; genetic or biometric data (where used for ID purposes); religion; sex life or sexual orientation; trade union membership; health; or religious or philosophical beliefs. “Health Information” means information related to a medical condition or other indicia of health. Health Information does not include contact and account information entered when registering for FitHub. Health Information is also Personal Information unless it cannot be linked or associated with the individual to which it relates. By way of example, we may aggregate Health Information (without linking it to Personal Information) with that of other FitHub users to generate statistics regarding the number of FitHub users who are at risk of certain diseases based on self-reported answers to historical diagnosis information. “UID” means a unique user identification number, which is provided to FitHub by the Third Party Provider allowing you to establish your account.

‍III. WHATTYPES OF PERSONAL INFORMATION OR HEALTH INFORMATION DOES FITHUB COLLECT?

Information that You Provide Us

We collect a range of Personal Information and Sensitive Personal Information in order to provide our Services to you. If you do not provide the Personal Information we request, we may not be able to provide you with our Services, you may be required to provide us with the following types of Personal Information:
‍Creating an Account. We require you to establish an account to use FitHub. The Third Party Provider for your account will provide FitHub with a UID that carries no information other than the authorization rights to create an account. If you choose to create an account, we collect, at a minimum, the following information: (a) an e-mail address, (b) a password, and (c) a reminder hint incase you forget the password. You may also be asked to provide additional information such as (a) name, (b) mailing address, and (c) phone number. Once an account has been created, we will continue to use your assigned UID for you.
Health Information for Reports. FitHub collects Health Information provided on a voluntary basis and in accordance with consent. You may provide us Health Information directly (e.g., by completing an Assessment) or through other sources that you authorize us to receive information from (e.g., a wearable device). Use and disclosure of Health Information is limited (see Section IV, Health Information and Section V), and its transmission is protected using encryption technology (see Section IX, Security Measures).  To withdraw your consent for the processing of Health Information about you, you may send a request to privacy@fithubinc.com andwe will promptly take steps in accordance with applicable law to honor your request. If you withdraw your consent, you may be ineligible for rewards offered through the Services that are based on health-related objectives and metrics.
‍
‍Information Collected Automatically.

‍We collect information automatically through your use of the Services:
‍Browsing Information. When you browse or use the FitHub Site or Services, we may collect certain browsing information, to the extent applicable, including the following: (a) IP address, (b) the date and time at which you accessed the Services, (c) the pages that you visited, (d) the link you followed to reach the Services, and (e) your browser and operating system.
‍Cookies and Device Identifiers. Cookies are small files that are placed on your computer’s hard drive by your Internet browser. A device identifier is a unique identifier assigned to the device that you use to access the Site or Services. We use cookies or device identifiers on our Site and Services to identify visitors who have used FitHub and certain features of it before. Third Party Providers and their advertisers may also set cookies in connection with their content and advertisements, but we do not control their use of cookies. Most browsers provide you with the ability to block, delete, or disable cookies, and your device may allow you to disable transmission of device identifiers. If you choose to reject cookies or block device identifiers, some features of the Site and Services may not be available or some functionality may be limited or unavailable. FitHub does not track users over time and across third party websites to provide targeted advertising. Accordingly, we do not currently respond or take any action with respect to web browser "do not track" signals or other mechanisms that provide consumers the ability to exercise choice regarding the collection of Personal Information about an individual consumer's online activities over time and across third-party web sites or online services. For more information about cookies visit:http://www.allaboutcookies.org/. Web beacons, pixels, and other tracking technologies operate independent of cookies.
‍Android Advertising ID. The Android Application uses a 3rd party(Google Firebase Analytics) which makes use of the Android Advertising ID to collect analytics information. The Android Advertising ID is not used in any other context within the application.
‍Website Analytics. We use Google Analytics, an analytics service to help us analyze the traffic on the Service. For more information on Google Analytics’ processing of Personal Information, please see “How Google uses data when you use our partners' sites or apps.” You can opt out of Google Analytics by installing Google’s opt-out browser add-on. These cookies may be ones placed by us (first-party) or by a third party. These cookies may also be Flash Cookies. To learn how to manage privacy and storage settings for Flash cookies click here. We may use cookies that are session-based or persistent. Session cookies expire when you close your browser or turn off your device. Persistent cookies remain on your device after you close your browser or turn off device. You can control cookies and tracking tools. Some browsers have a “do not track” feature that prevents a website from tracking you, as well as additional cookie settings. Our Platform does not currently respond to these signals. If you choose to block cookies and other trackers, certain features of the Platform may not work. Blocking or rejecting cookies will not stop all ofthe tracking described in this Policy. These features and options are browserand device specific and are not uniform. You can usually find these settings inthe options or preferences menu of your browser. To understand these settings,the following links for commonly used browsers may be helpful, or you can usethe help option in your browser for more details: Cookie settings in Internet Explorer Cookie     settings in Firefox Cookie settings in Chrome Cookie settings in Safari web and iOS.To find out more on how to manage and delete cookies, visitaboutcookies.org. For more details on your choices regarding use of your webbrowsing activity for interest-based advertising you may visit the followingsites: org aboutads.info com euOn a mobile device, you may also be to adjust your settings tolimit ad tracking.

‍IV. HOWDOES FITHUB USE PERSONAL INFORMATION OR HEALTH INFORMATION?

De-identifiedand Aggregated Information. We may use de-identifiedinformation such as browsing information or aggregated user information todevelop reports and analyses that help us enhance or promote our services.
‍PersonalE-mails/Messages. We may use Personal Information to contact you if you request or have consented for us to do so, if there is aproblem or an update to your account that requires you to be notified, or, ifyou are a registered user of the Services, to send you information relating tothe Services or similar services that we provide. You may withdraw your consentor opt out to receiving certain communications (e.g., marketingcommunications) by following the instructions provided in the messages that youreceive.
‍HealthInformation. Health Information, in non-aggregated form, is usedprimarily for the creation of reports and interactive educational and trackingfeatures through the Services. Reports may include treatment options,interactive features, and trackers and tools. Based on the data that is enteredinto FitHub, we may provide you with links to personal challenges, courses, orother features of FitHub that are likely of interest to you.FitHub provides social and community features. These sectionsare voluntary to join. No Health Information that is Personal Information isdirectly provided to the community by FitHub. Some of the community sections,such as a “Diabetic Forum” may allow other participants to draw inferencesabout a particular user’s health, even though no specific details regarding theuser’s health is provided by FitHub to the community. As a user, you mustdecide what information you wish to provide to the community forums.To the extent your Health Information is also PersonalInformation, we process it based on your explicit consent. To withdraw yourconsent, you may request that we delete Health Information about you followingthe instructions provided in Section VI of this Privacy Policy. If you withdrawyour consent for the processing of Health Information about you, you willcontinue to have access to your account, but certain features of the Servicesmay be unavailable.
‍AdditionalUses. In addition to the above uses, we may use Personal Informationfor any of the following purposes: (1) to provide, analyze, administer, andimprove our Site and services; (2) to provide the Services and Site; (3) torespond to specific requests from you and other visitors; (4) to provide anynecessary notices to you or other visitors if situations prompt suchnotification; (5) to protect the security or integrity of our Services ifnecessary; and (6) as necessary to meet legal obligations.

‍V. UNDERWHAT CONDITIONS DOES THE COMPANY DISCLOSE YOUR INFORMATION?

‍We do not disclose—including selling, leasing, renting, loaning,or transferring—Personal Information to third parties except as stated in thisPrivacy Policy or with your explicit consent. Our disclosure to third partiesis limited to the types of recipients and the purposes described in thissection:
‍Contractors. Weuse contractors to help with some of our operations. Some of these contractorswill have access to our database on a temporary basis for specific tasks. TheCompany may also use contractors to help with certain aspects of its operations(such as ensuring we do not send email messages to those who have opted out ofour messaging programs, clinical trials recruitment and enrollment, newslettersand other similar features), which may require the contractor to accessPersonal Information. For example we work with Google Analytics to analyze thetraffic on the Site, and Amazon Web Services to host the Site and the Services.The Company takes steps to ensure that these contractors maintain theconfidentiality of Personal Information and use Personal Information only asnecessary to perform the services they are asked to perform.
‍OtherDisclosures. We may share Personal Information with third parties underthe following circumstances: (i) in connection with a court order, subpoena,government investigation, or when otherwise required by law; (ii) in the eventof a corporate sale, merger, acquisition, or similar event; (iii) working withthird-party companies to support any technical operation or execute a specificpromotion or program (such as providing responses to conduct surveys, or maintaina database of visitor information, etc.); or (iv) to facilitate yourtransactions with our third-party marketing partners.

‍VI. HOWCAN YOU EXERCISE YOUR RIGHTS RELATING TO PERSONAL INFORMATION?

‍You have certain choices about how we use your Personal Information.You can opt out-out of certain marketing. To opt-out of marketingcommunications, please email us at privacy@fithubinc.com or by followingthe instructions included in the email or text correspondence. Please notethat, even if you unsubscribe from certain correspondence, we may still need tocontact you with important transactional or administrative information, aspermitted by law.You also have the right to access and update or change anyinformation you believe is incorrect. You may change Personal Information andHealth Information within FitHub online at any time. Alternatively, you maymake a request to privacy@fithubinc.com to review PersonalInformation about you. If you request that certain Personal Information bechanged, we will make the changes in accordance with applicable law.At any time, you may also request that we remove PersonalInformation and Health Information from our database. Depending on where youlive, you may have additional rights under applicable law, such as the rightsto export or object to or restrict the processing of Personal Information, andthe right to erasure of Personal Information. To exercise such rights, send us arequest at privacy@fithubinc.com and we willpromptly respond in accordance with applicable law.We will take commercially reasonable steps to propagate changesmade pursuant to this Section to third parties with whom we may have sharedyour information in accordance with this Privacy Policy.You may alsohave a right to lodge a complaint with a supervisory authority or otherregulatory agency if you believe that we have violated any of the rightsconcerning Personal Information. We encourage you to first reach out to us, sowe have an opportunity to address your concerns directly before you do so.

‍VII.CHILDREN'S PRIVACY

‍The Services are not intended for use by children. Accordingly,we do not intend to collect Personal Information from anyone we know to beunder 18 years of age. The Platform is not designed for use by persons underthe age of 13. If you are a parent or legal guardian and think your child hasgiven us information you can email us at privacy@fithubinc.com. You can also write tous at the address listed in the “Contact Us” section of this Policy. Pleasemark your inquiries “COPPA Inquiry.”

‍VIII. HOW DOES THIS PRIVACY POLICY RELATE TO THIRD-PARTY WEB SITES?

‍We cannot control, nor are we responsible for, the privacypractices or content of third-party websites and applications linked to theServices. Our Privacy Policy applies solely to Personal Information collectedthrough the FitHub Services and Site.

‍IX. HOWDOES THE COMPANY PROTECT PERSONAL INFORMATION AND HEALTH INFORMATION?

SecurityMeasures. In areas of FitHub where Personal Information is enteredand viewed, FitHub has industry-standard security measures in place to protectthe loss, misuse, or alteration of the information under our control. Except asprovided elsewhere in this Privacy Policy, we limit access to PersonalInformation to those persons in our organization who have a business need(including servicing your account, informing you of news and offers, oraggregating information) for such access. You should know, however, that nocompany, including us, can fully eliminate security risks associated withPersonal Information. As such, we cannot guarantee that our standard measureswill prevent a third party from circumventing our security measures andunlawfully intercepting or accessing transmissions or private communications,or where an error may occur in the administration of the Services. As such, werecommend that you use caution whenever submitting Personal Information onlineor through a mobile application.ComplianceStatement. The Company is neither a “Covered Entity” nor “BusinessAssociate” to Covered Entities as those terms are defined by the HealthInsurance Portability and Accountability Act of 1996 and its regulations(“HIPAA”), except in specific cases. In those cases, we will enter into“Business Associate Agreements” when required, and abide by all legalrequirements of such agreements. When we participate with a third party whichoperates and maintains a personal health record (“PHR”) which is subject to theHealth Information Technology for Economic and Health Act (“HITECH”) of theAmerican Recovery and Reinvestment Act (“ARRA”), they shall abide by anyfederal regulations applicable to PHR related entities. Nevertheless,recognizing the importance to our users of protecting and securing theirPersonal Information as well as their Health Information, we have adopted acorporate compliance plan which includes adoption of the administrative,physical and security safeguards set forth in the current HIPAA Privacy and SecurityCompliance Program for the Company.

‍X. YOURCALIFORNIA PRIVACY RIGHTS

‍California Civil Code Section 1798.83 permits users that areresidents of California to request certain information regarding a company’sdisclosure of personal information (as defined by California law) to thirdparties for such third parties’ direct marketing purposes.  If you are aCalifornia resident and would like to make such a request, please contact us asset forth in Section XIII below.In addition, the state of California provides Californiaresidents with certain other rights concerning their Personal Information. Thissection describes (1) the categories of Personal Information, collected anddisclosed by us, subject to California privacy law, (2) your privacy rights underCalifornia privacy law, and (3) how to exercise your rights.
‍Collection and     Disclosure of Categories of Personal Information under California Privacy     Law
‍In accordance with California law, we collected the followingcategories of Personal Information within the preceding 12 months from theeffective date of this Privacy Policy (both online and offline): Identifiers (for example, name, email     address, IP address, and online identifiers); Internet or other electronic network     activity information, including information on your usage of our Sites. Inferences drawn from any information     identified above to create a profileWe may disclose each of these categories of Personal Informationwith our service providers for our business purposes (to enable the serviceproviders to provide their services) and as otherwise described in the “Sharingof Personal Information” section above.   
‍Your Privacy     Rights Under California Law
‍If you are a resident of the California, you have the following rights:
‍Right to Know. You may have the     right to request information on the categories of personal information     that we collected in the previous twelve (12) months, the categories of     sources from which the Personal Information was collected, the specific     pieces of Personal Information we have collected about you, and the     business purposes for which such personal information is collected and     shared. You also have the right to request information on the categories     of Personal Information which were disclosed for business purposes, and     the categories of third parties in the twelve (12) months preceding your     request for your personal information.
‍Right to     Delete. You may have a right to request us to delete Personal     Information that we collected from you.
‍Right to     Opt-Out. You have a right to opt-out of certain disclosures of     Personal Information to third parties, if such disclosures constitute a     “sale” under California law. As noted above, in the past twelve (12)     months we enabled advertisers to collect certain information from the Site,     which the advertisers may use to improve their interest-based advertising     networks. Regardless of whether this is a “sale” as defined by the     California Consumer Privacy Act, you may opt-out of interest-based     advertising as described in Section 2(B), above.If you would like to exercise your rights listed above, pleasecontact (or have your authorized agent contact) us at privacy@fithubinc.com. When doing so, pleasetell us which right you are exercising and provide us with contact informationto direct our response.We must verify your identity before fulfilling your requests. Ifwe cannot initially verify your identity, we may request additional informationto complete the verification process. Any Personal Information you disclose tous for purposes of verifying your identity will solely be used for the purposeof verification.You have a right not to receive discriminatory treatment by anybusiness when you exercise your California privacy rights.Note to Job Applicants:  UnderCalifornia law, information collected and used in connection with a jobapplication is exempt from the rights stated above. Therefore, to help preventthe unauthorized access or deletion of Personal Information, we may decline anyrequests to access or delete Personal Information collected from jobapplicants. We will treat all such information as confidential and dispose ofit in accordance with our retention policy.
‍How to Exercise     Your California Privacy Rights
‍If you otherwise believe that we have collected PersonalInformation about you, and would like to exercise your rights listed above,please send (or have your authorized agent send) an email to privacy@fithubinc.com. You have a right not toreceive discriminatory treatment by any business when you exercise yourCalifornia privacy rights.While we take measures to ensure that those responsible forreceiving and responding to your request are informed of your rights and how tohelp you exercise those rights, when contacting us to exercise your rights, weask you to please adhere to the following guidelines:
‍Tell Us Which     Right You Are Exercising: Specify which     right you want to exercise and the Personal Information to which your     request relates (if not to you). If you are acting on behalf of another     consumer, please clearly indicate this fact and your authority to act on     such consumer’s behalf.
‍Help Us Verify     Your Identity: Provide us with     information to verify your identity. Please note that if we cannot     initially verify your identity, we may request additional information to     complete the verification process. Any Personal Information you disclose     to us for purposes of verifying your identity will solely be used for the     purpose of verification.
‍Direct Our     Response Delivery: Please provide us     with an e-mail or mailing address through which we can provide our     response. If you make the request by email, unless otherwise requested, we     will assume that we can respond to the email address from which you made     the request.Please note that you don’t need to create an account with us inorder to make a request to exercise your rights hereunder.
‍How We Respond to     Your Requests.
‍In all cases, we will respond to your request within 45 days.However, where reasonably necessary, we may extend our response time by anadditional 45 days, provided we send you notice of such extension first. Wewill provide the information to you via your preferred delivery mechanism. Ifthe information is provided to you electronically, we will provide you theinformation in a portable format and, to the extent technically feasible, in amachine readable, readily useable format that allows you to freely transmitthis information without hindrance.Please note that we will not charge you for making a request,provided that you make no more than two (2) requests per year. If you makethree (3) or more requests in any given twelve (12) month period, we may refuseto respond to such requests, if determined by us to be unfounded or excessive(e.g. repetitive in nature), or we may charge a reasonable fee taking intoaccount the administrative costs of providing the information or communicationor taking the action requested. If we refuse to act on the request, we willprovide you notice and the reason for our refusal to act.

‍XI. Retention of PersonalInformation

We will retain Personal Information about you for the periodnecessary to fulfill the purposes for which Personal Information about you hasbeen collected as outlined in this Privacy Policy. Typically, we delete allPersonal Information relating to an agreement with a client upon the expirationof that agreement, unless a longer retention period is required by law. Weretain backup copies of Personal Information for 90 days thereafter.

‍XII.GENERALAmendmentsto this Privacy Policy. 
‍
FitHub may modify or update this Privacy Policy from time to time, so please review it periodically. Where required by applicable law, we will provide you with notice of material changes to the Privacy Policy and, if further required by law, provide you with an opportunity to consent to such changes. Unless otherwise indicated, any changes to this Privacy Policy will apply immediately upon posting to the FitHub Services.
‍Contact FitHub’s Privacy Officer. Our intention is to be diligent in protecting your privacy by strictly following our Privacy Policy. If you would like to make suggestions or find out more about our privacy practices, please contact our Privacy Officer at privacy@fithubinc.com or call (202) 794-6742.Our mailing address is FitHub,Inc., 66 West Flagler St, Suite 900, Miami, FL 33130.
‍Miscellaneous. Theterm “including” in this Privacy Policy means “including without limitation.”If you need this Privacy Policy in another language please contact privacy@fithubinc.com for assistance.