PRIVACY POLICY

Wellbe, Inc. (“Wellbe,” “we,” “us” or “our”) owns, operates and provides the web site located at https://choicepath.me (the “Site”). Any user of the Site that is provided access to the site by a Wellbe customer for the purpose of configuring the Site to manage the care of an individual patient, or otherwise design clinical workflows or care paths on behalf of a Wellbe customer, is a “Provider User”. Any user of the site that accesses the site as an end user of the site to manage his or her own healthcare journey, or receive information from a Wellbe customer related to his or her own healthcare or treatment is a “Patient User”. As used in this Privacy Policy, “you”, or “your” refer to a Patient User. “Users” means Provider Users and Patient Users.

CHILDREN UNDER THE AGE OF 13

The Site is not intended for children under 13 years of age. No one under age 13 may provide any information to the Site. We do not knowingly collect Personal Data from children under 13. If you are under 13, do not use or provide any information on this Site or provide us with your name, address, telephone number, email address, any screen name or user name you may use, or any other information about yourself. If we learn we have collected or received Personal Data from a child under 13 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 13, please contact us as described in the “Contacting Us” section below.

PERSONAL DATA, DEFINED

As used in this Privacy Policy, “Personal Data” means any information entered into the Site by or at the direction of Patient User which relates to that Patient User which identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household, or device.

SCOPE OF PRIVACY POLICY

This Privacy Policy does not apply to any information we collect from any source other than the data entered into the Site by or on behalf of a Patient User. Data entered into the Site by or on behalf of a Provider User is governed by a separate written agreement between Wellbe and the Wellbe Customer on whose behalf the Provider User uses and accesses the Site. We may offer products and services other than the Site. If you wish to learn more about such products and other services, please contact us as described in the “Contacting Us” section below.

WHAT INFORMATION DO WE COLLECT?

You provide information when you post or transmit content (including any text, graphic, audio, video, or other content), respond or subscribe to surveys, complete online forms or questionnaires, or otherwise use or access the Site. The information you provide may include your name, address, phone number, email address, company name, job title, IP address, content of messages transmitted to us via the Site, and other information that personally identifies you or can otherwise be linked to you. If applicable law requires consent beyond your acceptance of this Privacy Policy, we will contact you to obtain such necessary consent.

When you access or use the Site, we may send one or more cookies – small files – to your computer or device. We may be able to uniquely identify your browser with such cookies. We may use session cookies and persistent cookies. Session cookies provide information to us while your browser is open. Persistent cookies provide information to us after your browser is closed and later re-opened. If your browser is set to disable cookies, some features of the Site may not function.

We may also record certain information sent or made available by your device when you access the Site. Such information may include your location, your device and its specifications, the referring page or service and URL, IP address, browser type and language, operating system specifications, pages viewed, the time you spend on each page, the order in which you view pages, the date and time of your use or access, the exit page or service and URL, application crashes, and similar information.

We may also use technology such as web beacons and clear gifs to track you, and your use of and access to the Site. We may also use this technology in emails we send to you to track whether you opened the email. Please note that some web browsers and devices permit you to broadcast a preference to websites and online services that they “do not track” your online activities. At this time, we do not modify what information we collect or how we use that information based upon whether such a signal is broadcast or received.

WHAT DO WE USE YOUR INFORMATION FOR?

We use collected information, and share collected information with our affiliates, other businesses, suppliers, vendors, licensors, and agents, to operate, maintain and provide the features and functionality of the Site, including to:

respond to and process inquiries by you, our customers, and our providers;
alert Users to new features and functionality, or to products and services offered by us or by third parties;
provide personalized content and information;
enable our customers and other third parties to provide you with access to services or products provided by our customers and other third parties;
monitor the effectiveness of our marketing activity;
transfer Patient User data between Wellbe customers to enhance user experience;
enforce this Privacy Policy;
monitor aggregate use of and access to the Site, including potential use of third-party analytics tools or services; and
for any other purpose, with your consent.

We may also disclose collected information if we believe disclosure is required to comply with applicable law, or to protect us or the Site.

In the event that we are involved in a merger, acquisition, sale, bankruptcy, insolvency, reorganization, receivership, assignment for the benefit of creditors, or the application of laws or equitable principles affecting creditors’ rights generally, or a change of control, there may be a disclosure of your personal data to another entity related to such event.

We may share your information in response to lawful requests by public authorities, including to meet national security or other lawful enforcement requirements.

Please note that you may withdraw your consent to use and/or disclose your Personal Data at any time, subject to certain restrictions prescribed by applicable law. If you do so, we may not be able provide certain services to you.

WHAT ARE YOUR CONTROLS AND CHOICES?

You have the right to exercise certain controls and choices regarding our collection, use and sharing of your information. Your controls and choices include the following:

- you may access, correct, update, and delete your information as described in the “How can you delete or correct collected information?” below;

- you may change your choices for newsletters, emails, and alerts as described in the applicable newsletter, email, or alert;

- you may obtain from us information regarding our policies and practices as they relate to the collection, use and disclosure of your information, including those with respect to the transfer and storage of your information outside of your jurisdiction of residence by contacting us as described in the “Contacting Us” section below; and

- if applicable, you may request a list of all third parties to which we have disclosed your Personal Data during the preceding year for direct marketing purposes and a disclosure of the shared information, as described in the “Your California Privacy Rights” section below.

You may, of course, decline to submit Personal Data to us, in which case we may not be able to provide certain services to you.

We reserve the right to take reasonable steps (such as requesting your password) to verify your identity before making corrections or deletions.

If you have questions regarding the information about you that we process or retain, please contact us as described in the “Contacting Us” section below.

HOW CAN YOU DELETE OR CORRECT COLLECTED INFORMATION?

At your request, we will delete from our active databases your Personal Data in our possession. We may retain such information, however, to the extent required by law, to comply with our other agreements with you (if any), or if copies are kept in archival backups, provided that, except to the extent required by applicable law, in no circumstances will we retain your personal data longer than is necessary for the fulfillment of the purposes for which it was collected.

At your request, we will also use reasonable efforts to correct your Personal Data contained in our active databases.

To request the removal or correction of your Personal Data, please contact us as described in the “Contacting Us” section below. We will respond to your request within 45 days.

HOW DO WE PROTECT YOUR INFORMATION?

We take the protection of your Personal Data seriously. We protect such information against loss and theft as well as unauthorized access, disclosure, copying, use, and modification using security safeguards, including physical, organizational, and technological measures, commensurate with the sensitivity of such information. Our employees who have access to your information are made aware of the importance of keeping it confidential.

Where we use service providers or otherwise disclose your personal data to unaffiliated third parties in accordance with this Privacy Policy, we require them to have privacy and security standards that are comparable to ours. We may use contracts and other measures with such persons to maintain the confidentiality and security of your personal data and to prevent it from being used for any purpose not in accordance with this Privacy Policy.

Please be aware that no data security measures can guarantee 100% security. You should also take steps to protect against unauthorized access to information.

THIRD PARTY LINKS

We may offer links to other sites from the Site. We have no control over these external sites or their content and are not responsible for any actions that they may take or any information they may collect. You may arrive at such sites through clicking on an image or graphic, as part of a co-branding arrangement, as part of an affiliation we have with a third party, or simply by selecting a link on another website. You should be aware that this Privacy Policy does not apply to your use of these sites and services. If you provide any information to such sites or services, different rules regarding the collection and use of your information and other information may apply. Before using these linked sites or services, you may wish to review their privacy policies to understand how they treat privacy, security, data collection, disclosure, distribution, and use.

YOUR CALIFORNIA PRIVACY RIGHTS

This section supplements the information in the Privacy Policy and applies solely to Patient Users who reside in the State of California. This policy is provided to comply with the California Consumer Privacy Act of 2018 (“CCPA”) and any terms defined in the CCPA have the same meaning when used in this section.

The Site collects Personal Data. Personal Data does not include: (i) publicly available information from government records; (ii) deidentified or aggregated consumer information; or (iii) health or medical information covered by the Health Insurance Portability and accountability Act of 1996 and the California Confidentiality of Medical Information Act or clinical trial data.

Information we collect. In particular, the Site has collected the following categories of Personal Data from consumers within the past 12 months:

Some personal information included in this category may overlap with other categories.

Category	Examples	Collected
A. Identifiers	A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, or other similar identifiers.	Yes
B. Personal Information Categories listed in the California Customer Records statute (Cal. Civ. Code 1798.80(e))	A name, signature, physical characteristics or description, address, telephone number, insurance policy number, education, or any other financial information, medical information, or health insurance information.	Yes
C. Protected classification characteristics under California or federal law	Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).	Yes
D. Commercial Information	Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.	No
E. Biometric Information	Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.	No
F. Internet or other similar network activity	Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement.	Yes
G. Geolocation Data	Physical location or movements.	Yes
H. Sensory Data	Audio, electronic, visual, thermal, olfactory, or similar information.	No
I. Professional or Employment related information	Current or past job history or performance evaluations.	No
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. 1232g, 34 C.F.R. Part 99))	Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.	No
K. Inferences drawn from other personal information	Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.	Yes

We obtain the Personal Data described in the table above directly from you, for example when you complete forms or answer questions on the Site. The Site also obtains Personal Data indirectly from you, for example by observing your actions on the Site. We may also obtain Personal Data about you from Provider Users.

Use of Personal Data. We may use, sell, or disclose the Personal Data for one or more of the following purposes:

To fulfill or meet the reason for which you provided the information, such as enabling you to complete a care path on our Site.
To provide support, personalize, and develop the Site, products, and services.
To create, maintain, customize, and secure your account with us.
To provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses.
To personalize your Site experience, including customizing product and service offerings relevant to your interests.
To help maintain the safety, security, and integrity of our Site, products and services, databases and other technology assets, and business.
To transfer your data between Wellbe customers to enhance user experience;
For testing, research, analysis, and product development.
To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
As described to you when collecting your Personal Data or as otherwise set forth in the CCPA.
To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Data held by us about our Site is among the assets transferred.

We will not collect additional categories of Personal Data or use the Personal Data we collected for materially different, unrelate, or incompatible purposes without providing you notice. Sharing Personal Data. We may share your Personal Data by disclosing it to a third party for a business purpose. We only make these business purpose disclosures under written contracts that describe the purposes, require the recipient to keep the Personal Data confidential, and prohibit using the disclosed information for any purpose except performing the contract. In the preceding twelve (12) months, Wellbe has disclosed Personal Data for a business purpose to the categories of third parties indicated in the chart below.

We do not sell personal information. In the preceding twelve months, Wellbe has not sold personal information.

Category	Business Purpose Disclosures	Sales
A. Identifiers	To Wellbe’s health care provider partners.	No
B. Personal Information Categories listed in the California Customer Records statute (Cal. Civ. Code 1798.80(e))	To Wellbe’s health care provider partners.	No
C. Protected classification characteristics under California or federal law	To Wellbe’s health care provider partners.	No
D. Commercial Information	None	No
E. Biometric Information	None	No
F. Internet or other similar network activity	None	No
G. Geolocation Data	None	No
H. Sensory Data	None	No
I. Professional or Employment related information	None	No
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. 1232g, 34 C.F.R. Part 99))	None	No
K. Inferences drawn from other personal information	None	No

Rights and choices. The CCPA provides California Patient Users with specific rights regarding their Personal Data. This section describes your CCPA rights and explains how to exercise those rights.

You have the right to requires that we disclose certain information to you about our collection and use of your Personal Data over the past 12 months (the “Right to Know”). Once we receive your request and confirm your identity (see the “Contacting Us” section below), we will disclose to you:

The categories of Personal Data we collected about you.
The categories of sources for the Personal Data we collected about you.
Our business or commercial purpose for collecting or selling that Personal Data.
The categories of third parties with whom we share that Personal Data.
If we sold or disclosed your Personal Data for a business purpose, two lists disclosing the personal categories that each category purchased or obtained.
The specific pieces of Personal Data we collected about you (also called a data portability request).

You have the right to request that we delete any of your Personal Data that we collected from you and retained, subject to certain exceptions (the “right to delete”). Once we receive your request and confirm your identity (see the “Contacting Us” section below), we will review your request to see if an exception allowing us to retain the information applies. We may deny your deletion request if retaining the information is necessary for us or our service providers to: 1) complete the transaction for which we collected the Personal Data, provide a good or service that you requested, take actions reasonably anticipated withing the context of our ongoing business relationship with you, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, or otherwise perform our obligations to you; 2) detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities; 3) debug products to identify and repair errors that impar existing intended functionality; 4) exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law; 5) comply with the California Electronic Communications Privacy Act (Cal. Penal Code 1546 et. Seq.); 6) Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information's deletion may likely render impossible or seriously impair the research's achievement, if you previously provided informed consent; 7) enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us; 8) comply with a legal obligation; 9) make other internal and lawful uses of that information that are compatible with the context in which you provided it. We will delete or deidentify Personal Data not subject to one of these exceptions from our records and will direct our service providers to take similar action. We do not provide these deletion rights for business to business Personal Data. To exercise your rights to know or delete described herein, please submit a request as described in the “Contacting Us” section below. Only you, or someone legally authorized to act on your behalf, may make a Request to Know or Delete related to your Personal Data. You may only submit a Request to Know twice within a 12 month period. Your Request to Know or Delete must provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Data or an authorized representative, and describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

Response timing and format. We will confirm receipt of your request within ten (10) business days. We endeavor to substantively respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to another 45 days), we will inform you of the reason and extension period in writing. If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. Any disclosures we provide will only cover the 12-month period preceding our receipt of your request. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your Personal Data that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance. We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request. Personal Data Sales Opt-Out and Opt-In Rights. If you are age 16 or older, you have the right to direct us to not sell your Personal Data at any time (the "right to opt-out"). We do not sell the Personal Data of consumers we actually know are less than 16 years old. Consumers who opt-in to Personal Data sales may opt-out of future sales at any time. To exercise the right to opt-out, you (or your authorized representative) may submit a request to us by contacting Wellbe support: Do Not Sell My Personal Data.

Once you make an opt-out request, we will wait at least twelve (12) months before asking you to reauthorize Personal Data sales. However, you may change your mind and opt back in to Personal Data sales at any time by contacting support with your request: (support@wellbe.me).

You do not need to create an account with us to exercise your opt-out rights. We will only use Personal Data provided in an opt-out request to review and comply with the request.

Non-Discrimination. We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:

Deny you goods or services.
Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
Provide you a different level or quality of goods or services.
Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

However, we may offer you certain financial incentives permitted by the CCPA that can result in different prices, rates, or quality levels. Any CCPA-permitted financial incentive we offer will reasonably relate to your Personal Data's value and contain written terms that describe the program's material aspects. Participation in a financial incentive program requires your prior opt-in consent, which you may revoke at any time.

GOVERNING LAW; JURISDICTION; TRANSFER OF PERSONAL DATA

The Site is hosted in the United States. If you are accessing the Site from outside the United States or any other region with laws or regulations governing personal data collection, use and disclosure that differ from the United States laws, please be advised that through your continued use of or access to the Site, is governed by U.S. law. By using the Site, you acknowledge that you are transferring Personal Data to the United States and that you consent to that transfer. The laws of the State of Wisconsin and applicable United States law govern all matters arising out of or relating to the Privacy Policy, including, without limitation, interpretation, construction, performance, and enforcement, without giving effect to such state’s conflicts of law principles or rules of construction concerning the drafter hereof. Jurisdiction and venue for any dispute related to this Privacy Policy will exclusively rest with the state and federal courts in Madison, Dane County, Wisconsin.

CHANGES TO THIS PRIVACY POLICY

We reserve the right at our discretion to change the Privacy Policy at any time. We will post the most current version of this Privacy Policy to the privacy policy pages on the Site. If we make a material change to this Privacy Policy, we will notify you by providing notice of the update to the email address you provided when you registered for the Site. Provider Users will be notified by providing notice to the Wellbe Customer who has granted the Provider User with access to the site. Additionally, we will notify all Users by posting a notice on the Site for a reasonable period of time after such changes are made and by changing the last modified date listed below. Changes will take effect as described in the notice. If you use or access the Site after the change takes effect, you accept the Privacy Policy as modified.

CONTACTING US

You can contact us via email (support@wellbe.me) or at the following address:

Wellbe, Inc.
8025 Excelsior Dr., Suite 108
Madison, WI 53717

Please include your name, address, and any other information necessary to respond to you.

This Privacy Policy was last modified on September 29, 2020.