Privacy Policy

Privacy Policy

SECTION 1: IDENTITY HEALTH PRIVACY PRACTICES – DATA COLLECTION, USE, & SHARING

This is the Privacy Notice of IDENTITY HEALTH), whose corporate office is located at 1125 Laramie St, Manhattan KS, 66502.

1. IMPORTANT NOTICE

Identity Health works with ZRT laboratory services to help patients and providers identify and assess their state of health through the use of laboratory testing, while delivering these results in a safe and secure manner (collectively “Services”).

Identity Health respects your privacy. This Privacy Notice explains how Identity Health collects and processes yourpersonal data when you use our Services, including the website www.idhealthtest.com. This Privacy Notice also provides information that is legally requiredand lists your rights in relation to your personal data under applicable law.

Certain sections of this Privacy Notice may apply only to residents of the U.S. (“U.S. Only”), while other sections applyto residents outside of the U.S. (“Outside the U.S.”). Verbiage not otherwise superseded by a country-specific statement apply globally.

We may amend this Privacy Notice occasionally and encourage you to check our Privacy Noticeregularly to understand how we may process your Personal Data.

2. INFORMATION ABOUT DATA TYPES AND USE

2.1. Data Types

This Privacy Notice relates to personal data about you and your interaction with our Services. “Personal Data” isinformation that can be used to identify you, directly or indirectly. PersonalData includes such things as: your full name, email address, phone number, mailing address and certain network identifiers.

Identity Health collects, uses, and discloses Personal Data as outlined in this Privacy Policy, including to operate andimprove the products offered to our customers; for internal advertising and marketing purposes; and to provide you, thecustomer the Services you have requested.

2.2. How We Collect Data

We collect Data when you utilize our Site and Services, including browsing ourproducts, or making purchases from us. This Personal Data may include name, address, phone number, usernameand password, email address, date of birth, location data, and payment information.

We collect Personal Data when you communicate with us or sign up to receive promotional materials or request other general information.

We may collect certain Personal Data using cookies and other technologies, such as device IDs,geolocation, HTML5 local storage, Flash cookies, and IP addresses. We use cookies that are necessary for functionality and used for personalization,performance/analytics, and advertising. Our Use of Cookies section contains more information and options to control oropt-out of certain data collection or uses.

If you become aware that an individual under 18 years of age has provided us with Personal Data without parentalconsent, please contact us at info@idhealthtest.com. If we become aware that an individual under 18 has provided us withPersonal Data without parental consent, we will take steps to remove the data as permitted by law.

2.3. Why We Collect and Process Your Personal Data

We need to process aspects of your Personal Data in order to fulfil our obligations to you and to provide youServices. Where we ask for your consent to process your Personal Data, you have the right to withdraw suchconsent as described in this Privacy Notice. Please note, however, we may be unable to provide you certain Services thatrequire the use of Personal Data.

2.4. How We Disclose Personal Data

We may disclose your Personal Data as described in this Privacy Notice, including:

Advertising and Marketing

Identity Health does not share or sell any personal information to third party companies to be used for externalmarketing purposes. For moreinformation on how data is disclosed for advertising see Advertising and Analytics section of this Privacy Notice.

Legal Compliance, Law Enforcement, and Public Safety Purposes

As permitted by law, with law enforcement, government or regulatory bodies, lawful authorities, or other authorizedthird parties in order to comply with laws, regulators, court orders, matters of national security or other legal obligationsor to assist in an investigation, to protect and defend our rights and property, or the rights or safety of third parties, toenforce our Terms of Use, this Privacy Notice, or agreements with third parties, or for crime-prevention purposes.

3. USE OF COOKIES

The Site uses cookies to improve user experience.

A “cookie” is a small text file that a web server stores in browser software.The purpose of cookies is to remember the browser over time and distinguish one user from all others. Some cookies and other technologies may serve to recall Personal Data previously indicated bya web user. Most browsers allow you to control cookies, including whether or not to accept them, and how to removethem. Cookies can remember login information, preferences, and shopping cart contents. Other cookies, often placed byour partners or other third parties, are used for analytics, marketing, or advertising.

Users are advised that if they wish to deny the use and saving of cookies from the Site on to their computer’s hard drive,they should take necessary steps within their web browser’s settings to blockcookies from the Site and its externalserving vendors.

4. ADVERTISING AND ANALYTICS

Interest-based advertising is advertising that is targeted to you based on your web browsing usage.

We utilize types of de-identified information to enable interest-based advertising. You can restrictthe use of information for interest-based advertising and to opt-out of receiving interest-based ads. You can also elect to block browser cookies from first parties (such as those from our website) andbrowser cookies from third parties (such as advertisers) by using the cookie blocking options built into your browsersoftware. If you block browser cookies, some parts of our website may not function correctly. Also, blocking cookies willnot stop third-parties from collecting IP address, data stored in “Flash” cookies, and certain other types of technicalinformation that may uniquely identify your browser.

5. SOCIAL NETWORK WIDGETS

Our Site may include social network sharing widgets that may provide information to their associated social networks orthird-parties about your interactions with our web pages that you visit, even if you do not click on or otherwise interactwith the plug-in or widget. Information is transmitted from your browser and may include an identifier assigned by thesocial network or third party, information about your browser type, operating system, device type, IP address, and theURL of the web page where widget appears. If you use social network tools or visit social networking sites, you shouldread their privacy disclosures, to learn what information they collect, use, and share.

6. DATA RETENTION

We will retain your Personal Data for as long as long as you maintain an account or as otherwise necessary to provideyou the Services. We will also retain your Personal Data as necessary to comply with our legal obligations, resolvedisputes, and enforce our agreements.

Where we no longer need to process your Personal Data for the purposes set out in this Privacy Notice, we will deleteyour Personal Data from our systems.

Where permissible, we will also delete your Personal Data upon your request, as further described in the Data SubjectAccess, Modification, and Deletion Rights section of this Privacy Notice.

7. STORAGE OF PERSONAL DATA

Identity Health and our associated Services and systems may be stored on servers in the United States. If you arelocated outside of the United States, please be aware that Personal Data we collect will be processed and stored in theUnited States, a jurisdiction in which the data protection and privacy laws may not offer the same level of protection asthose in the country where you reside or are a citizen.

By using our Services and/or submitting your Personal Data, you agree to the transfer, storage, and/or processing ofyour Personal Data in the United States.

8. SECURITY SAFEGUARDS AND LINKS TO OTHER WEBSITES

We implement appropriate safeguards to protect against unauthorized or unlawfulprocessing of Personal Data and against the accidental loss, destruction, or damage of Personal Data. Note, we cannot fully eliminate security risks associated with the storage and transmission of Personal Data.

This Privacy Notice only applies to our Site. We may provide a link or access toanother website or application for your convenience. We have no control over and are not responsible for Third-Party Sites, theircontent, or any of their goods or services. Our Privacy Policy does not apply to Third-PartySites.Please review theprivacy policies of any Third-Party Sites with which you choose to interact.

SECTION 2: PRIVACY SHIELD FRAMEWORKS

1. Privacy Shield for Data Transferred to the United States from the EU/Switzerland

Identity Health complies with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework as setforth by the US Department of Commerce regarding the collection, use, and retention of personal information fromEuropean Union member countries and Switzerland transferred to the United States pursuant to Privacy Shield. Identity Health has certified that it adheres to the Privacy Shield Principles with respect to such data. If there is anyconflict between the policies in this privacy policy and data subject rights under the Privacy Shield Principles, the PrivacyShield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, pleasevisit https://www.privacyshield.gov/.

For a description of our data handling practices, please refer to SECTION 1 of this privacy notice.

Personal data received or transferred pursuant to the Privacy Shield Frameworks, Identity Health issubject to the regulatory and enforcement powers of the U.S. Federal Trade Commission.

Pursuant to the Privacy Shield Frameworks, EU and Swiss individuals have the right to obtain our confirmation ofwhether we maintain personal information relating to you in the United States. Upon request, we will provide you withaccess to the personal information that we hold about you. You may also correct, amend, or delete the personalinformation we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccuratedata transferred to the United States under Privacy Shield, should direct their query to info@idhealthtest.com. If requested toremove data, we will respond within a reasonable timeframe.

We will provide an individual opt-out choice, or opt-in for sensitive data, before we share your data with third partiesother than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your personal information, please submit a written request toinfo@idhealthtest.com.

In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities,including to meet national security or law enforcement requirements.

Identity Health’s accountability for personal data that it receives in the United States under the Privacy Shield andsubsequently transfers to a third party is described in the Privacy Shield Principles. Identity Health remainsresponsible and liable under the Privacy Shield Principles if third-party agents that it engages to process the personaldata on its behalf do so in a manner inconsistent with the Principles, unless Identity Health proves that it is notresponsible for the event giving rise to the damage.

2. Privacy Shield Complaints

In compliance with Privacy Shield Principles, Identity Health commits to resolve complaints about your privacyand use of your personal information transferred to the United States pursuant to Privacy Shield.

SECTION 3: HIPAA PRIVACY PRACTICES

This notice describes how health information about you may be used and disclosed and how you can get access to thisinformation. Please review it carefully.

With your consent, the laboratory is permitted by federal privacy laws to make uses and disclosures of your healthinformation for purposes of treatment, payment and health care operations. Protected health information is theinformation we create and obtain in providing our services to you. Such information may include documentation of yoursymptoms, test results, diagnoses, and treatment. It also includes billing documents related to those services.

Use of personal health information for payment purposes:

We may use and disclose your health information for payment purposes, including determinations of eligibility andcoverage utilization activities.

Use of personal health information for health care operations:

We obtain services from our business associates such as quality assessment, quality improvement,outcome evaluation, protocol and guidelines development, training programs, credentialing, medical review, legalservices and insurance. We will share information about you with such insurers or other business associates asnecessary to obtain these services.

1. Your Rights Regarding Your Protected Health Information:

The health and billing records we maintain are the physical property of the Identity Health. The information in it, however,belongs to you. You have a right to:

• Receive a notice that tells you how your health information may be used and shared.

• Decide if you want to give permission before your health information can be used or shared for certain

purposes. However, we may not grant the request.

• Ask that incorrect or incomplete information be removed or changed in your health records.

• Ask that your information not be shared with certain people, groups or companies.

• Ask to be contacted at different places or in different ways, such as through your office or by mail.

• Ask to see and get a copy of your health information.

HIPAA provides an exemption 45 CFR §164.524(a)(1)(iii) in relation to CLIA (Clinical Laboratory ImprovementAmendments) 42 CFR § 493.3(a)(2) as described below: CLIA certified laboratories that are also covered entities are notrequired to provide individuals with a right of access to or a right to inspect and obtain copies of their private healthinformation if the disclosure of the information to the individual would be prohibited by CLIA. CLIA requires laboratoriesto release test results only to “authorized persons” and, if applicable, the individual responsible for using the test resultsand the laboratory that initially requested the test. “Authorized person” means an individual authorized under State lawto order tests or receive test results or both.

2. Our Responsibilities:

Identity Health is required to:

• Maintain the privacy of your health information as required by law;

• Provide you with a notice of our duties and privacy practices as to the information we collect and maintainabout you;

• Abide by the terms of this Notice;

• Notify you if we cannot accommodate a requested restriction or request; and

• Accommodate your reasonable requests regarding methods to communicate health information

We reserve the right to amend, change, or eliminate provisions in our privacy practices and access practices and toenact new provisions regarding the protected health information we maintain. If our information practices change, wewill amend our Notice. You are entitled to receive a revised copy of the Notice by calling and requesting a copy of ourNotice.

3. To Request Information or File a Complaint:

If you have questions, would like additional information, or want to report a problem regarding the handling of yourinformation, you may contact us via e-mail at info@idhealthtest.com. Additionally, if youbelieve your privacy rights have been violated, you may file a written complaint by e-mail or mail to Identity Health. Youmay also file a complaint by mail or e-mail it to the US Secretary of Health and Human Service

4. Other Disclosures and Uses Notification

• We may disclose your protected health information for law enforcement purposes as required by law, such aswhen required by a court order, or in cases involving felony prosecutions, or to the extent an individual is in thecustody of law enforcement.

• Federal law allows us to release your protected health information to appropriate health oversight agencies orfor health oversight activities.

• We may contact you as part of our marketing efforts as permitted by applicable law.

• Other uses and disclosures outside of those identified in this Notice will be made only as authorized bylaw or with your written authorization which you may revoke the authorization previously provided.