PRIVACY POLICY – WEBSITE
BIG HEALTH INC. & BIG HEALTH LTD.

This Privacy Policy was last modified on August 10, 2023. This Privacy Policy covers how Big Health Inc., Big Health Ltd, and their respective representatives, and its affiliates (“Big Health”, “we”, “us”, “our”) collect, receive, use, retain, and disclose Personally Identifiable Information (“PII”) through our websites (collectively, the “Sites”). PII includes information about you that is personally identifying such as your name, email address, and phone number and which is not otherwise publicly available. PII means any information that identifies or relates to a particular individual and also includes information referred to as “personally identifiable information” or “personal information” under applicable data privacy laws, rules or regulations. This Privacy Policy does not cover the practices of companies we don’t own or control or people we don’t manage.

Big Health provides digital therapeutics designed to improve outcomes (“Apps”). We also operate Sites at www.bighealth.com, www.sleepio.com, www.trydaylight.com and all associated subdomains. The Apps, the Sites and the analytics collection, data collection, storage, analysis and reporting tools, functions and related services, are collectively referred to in this Privacy Policy as the Service.

Clinical Partners are hospitals, clinics, practices or other medical groups or healthcare systems that have contracted with Big Health to permit use of the Service by their respective Health Care Providers and patients; Health Care Providers are practitioners, patient advocates, coaches or other individuals who (as employees of or contractors to a Clinical Partner) provide healthcare or related services to patients; and patients are individual patients of the Clinical Partner who receive medical treatments or other healthcare services from one or more Health Care Providers, or individuals who are properly authorized representatives of any such patient; Service Partners are service partners that have contracted with Big Health to facilitate the use of the System by their respective Health Care Providers.

Through their provision of health care services to patients, Health Care Providers and Clinical Partners may have access to and be responsible for patient PII and patient protected health information as defined by Health Insurance Portability and Accountability Act (HIPAA) Privacy Rules or other applicable laws. Health Care Providers and Clinical Partners are responsible for the privacy and security of such information and for obtaining consent from patients for the use and disclosure of such information.

By using the Sites, and/or by providing PII to Big Health or its authorized distributors you accept and hereby expressly consent to our collection, use, retention, and disclosure of your PII in accordance with the terms of this Privacy Policy.

This Privacy Policy may change from time to time, so please check back periodically to check the most recent modification date to ensure that you are aware of any changes in our processing of your PII. Your continued use of the Sites after any changes signifies your express, explicit, voluntary and unambiguous consent to any such changes.

Registration

You must register with the Sites and set up an account in order to use the Service. We may receive PII about you from your Health Care Provider or their Clinical Partner in order to identify you as an authorized user of the Service. When you register, we collect your name and email address. It is always your choice whether or not to provide us with such information. Big Health uses PII to:

Provide the Service
Communicate with you
Communicate with your patients and clinical partners as applicable
Create user profiles
Create de-identified analytical information
Reply to your request for information or comments
Analytics

When you use the Sites or the Service, we use tracking technology to collect information relating to your browser or device type, the time and date you use the Service, operating system, identification of Sites page views, use of particular Service features, geographic location and other statistical information relating to your use of the Sites or the Service. This information is referred to in this Privacy Policy as “Analytics.” We use Analytics to develop, improve, extend and test the Service (and underlying technology platforms); to market and promote Big Health and the Service; and we disclose, distribute and transmit Analytics to Clinical Partners for their use.  Big Health stores all data, including PII and Analytics, in the continental U.S.

Tracking ToolsThe Services use cookies and similar technologies such as pixel tags, web beacons, clear GIFs and JavaScript (collectively, “Cookies”) to enable our servers to recognize your web browser, tell us how and when you visit and use our Services, analyze trends, learn about our user base and operate and improve our Services. Cookies are small pieces of data – usually text files – placed on your computer, tablet, phone or similar device when you use that device to access our Services. We may also supplement the information we collect from you with information we receive from third parties, including third parties that have placed their own Cookies on your device(s).

To find out more information about Cookies, including information about how to manage and delete Cookies, please visit https://www.allaboutcookies.org/

Protection of Your Information

Big Health utilizes end-to-end encryption, leveraging both encryption-in-motion and encryption-at-rest, to protect your PII from unauthorized access, disclosure, alteration, or destruction. However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, we cannot guarantee its absolute security.

We will retain PII for as long as necessary to provide our services and in accordance with the requirements of applicable healthcare record retention laws. We will retain and use PII as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

On at least an annual basis, Big Health undergoes third-party penetration testing by qualified consulting firms. Big Health intends to address vulnerabilities identified within defined timeframes based on severity level, which is determined using the Common Vulnerability Scoring System (CVSS) and exploitability of the vulnerability.

Information Sharing and Disclosure

We disclose your PII as well as de-identified information to third-party vendors who help us operate the Sites. These third parties are contractually obligated to maintain the confidentiality of your PII consistent with the terms of this Privacy Policy and to comply with the applicable data protection laws.

We will also disclose your information in response to a valid legal process, for example, in response to a court order, a subpoena or other legal request for information, and/or to comply with applicable legal and regulatory reporting requirements. We also may disclose your information in response to a law enforcement agency’s request or other request for information from the U.S. or other government entities, or where we believe it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, or to verify or enforce compliance with the policies governing our products and/or services and with applicable laws, or as otherwise required or permitted by law or consistent with legal requirements. In addition, we may, upon notice to you and/or your Clinical Partner, transfer your information to an entity or individual that acquires, buys, or merges with Big Health, or an affiliate.

We share Analytics with Health Care Providers, Clinical Partners and Service Partners for their internal use and with other third parties to market and promote Big Health and the Service.

Your Rights

You have certain specific rights with regard to your PII. We will respond to your request(s) in accordance with the law that applies to you. Your PII which we processed prior to your request may not be deleted from our Sites or Service records but will be blocked from further processing without your permission. A request to withdraw consent may not apply to information collected by tracking technologies or used internally to recognize you and/or facilitate your visits to the Sites, or information we may keep to comply with legal requirements.Right to AccessYou have the right to view all PII that Big Health has collected about them. In order to receive this information, please contact the Security, Privacy, and Compliance Officer. The first copy of this information is provided free of charge, and in a portable / common electronic form (e.g., CSV file).

Right to Correct

You have the right to ensure that the PII we have stored is accurate. In most cases, the system allows you to directly modify PII about you. However, if there is incorrect PII within our system that you are not able to change, please contact us at privacy@bighealth.com and we will work directly with you to update the PII.

Right to Deletion

You have the right to request deletion of all data within the system. To request your data be deleted, please contact the Security, Privacy, and Compliance Officer. In most cases, this request will be completed within 30 days. If circumstances require a delay to this deletion, Big Health will notify you directly explaining the reason for the delay. Note also that in some cases, there may be a legal requirement to hold on to your data. Again, Big Health will notify you directly if this is the case.

Right to Withdraw

Consent
You have the right to withdraw their consent relating to our processing of PII at any time by contacting us at privacy@bighealth.com. Please note that without consent to process Health Information, we will be unable to provide the System to you.

Right to Object

Under certain circumstances, you have the right to object at any time to our processing of your personal information for reasons relating to your particular situation (e.g., direct marketing).

Right to Restrict

Processing and/or Sharing
Under certain circumstances, you may have the right to ask us to restrict processing of your personal information and/or sharing of your personal information to third parties.

Right to Data Portability

Under certain circumstances, you may request that your personal information that you provide to us be handled without hindrance in a certain format (structured, commonly used, machine-readable format) and may have the right to transfer it to another company or organization.

Links to Other Sites; Third Party Apps; Transactions with Third Parties

The Sites may contain links to other sites that are not owned or controlled by Big Health. Please be aware that unlike third-party vendors who help us operate the Sites, we are not responsible for the privacy practices of these other sites. We encourage you to review the privacy policies and statements of other sites to understand their information practices. Our Privacy Policy applies only to information collected by our Sites and Services.

You may be able to obtain an App, access the Service and/or communicate with the Service from (and link or communicate from the Service to), applications, devices, distribution platforms and websites owned and operated by Clinical Partners and/or by Apple, Google or other third party distribution platform operators (“Channel Partners”). These other applications, devices, platforms and websites belong to third parties and are not operated or controlled by Big Health. Our Privacy Policy does not apply to any information collected, received, used, processed, transferred or disclosed by Channel Partners. Additional or different terms and conditions (including without limitation, privacy and security practices) apply when you access and use third party applications, devices, platforms and websites, which are not the responsibility of Big Health.

Big Health is not responsible for and will not be a party to any transactions between you and a third-party provider of products, information or services. Big Health does not monitor such transactions or ensure the confidentiality of your PII, including credit card information, for any third-party transaction. Any separate charges or obligations you incur in your dealings with these third parties linked to the Sites are solely your responsibility.

Children

Our Service is intended for individuals who are over the age of age 18. If you believe a child under the age of 13 has provided information to the Service please contact us using the information provided below.

Your California Privacy Rights; California Do Not Track Disclosures

If you are a California resident, California Civil Code Section 1798.83 permits you to request information regarding the disclosure of your personal information, as defined in California Civil Code Section 1798.83(e)(7), by Big Health to a third party for the third party’s direct marketing purposes. Upon your request, Big Health will provide (i) the types of personal information Big Health shared with third parties for the third parties’ direct marketing purposes during the immediately preceding calendar year; and (ii) the identities of the companies with which we shared the information. You may make this request once per calendar year.

Your browser may offer you a “Do Not Track” option, which allows you to signal to operators of websites and web applications and services (including behavioral advertising services) that you do not wish such operators to track certain of your online activities, over time and across different websites. We do not honor “Do Not Track” signals. To find out more about “Do Not Track,” you can visit www.allaboutdnt.com.

Contact Us About this Privacy Policy

Big Health is committed to resolving complaints about your privacy and our collection or use of your PII. If you believe your privacy rights have been violated or you disagree with any action Big Health has taken with regard to your PII, you may file a complaint with Big Health by emailing us at privacy@bighealth.com.

If you have questions or suggestions, please email us at privacy@bighealth.com. You may also contact us at:

Big Health Inc.
Attn: Security Official / Head of Information Security
548 Market St
PMB 72279
San Francisco, CA 94104

DOC-3323 Effective 09/2023