Empatica, Inc.

Privacy Notice

Last updated: December 01, 2024

This Privacy Notice (“Notice”) describes how Empatica, Inc., its global affiliates, brands, and subsidiaries (collectively, “Empatica,” “we,” “our,” or “us”) collect, use, disclose, and otherwise process the personal information described in this Notice and the rights and choices individuals have regarding such personal information. By using the EmbracePlus watch, downloading the mobile application, EpiMonitor (the “App”), or using the associated web portal, you agree that your personal information will be handled as described in this Notice.

For information about your privacy choices, please review Section 7 Your Privacy Choices.

If you are a resident of Connecticut or Nevada, please see sections 15 and 16, respectively, for additional information about the “consumer health data” we process about you and/or the rights you may have under Connecticut and Nevada law.

If you are a resident of Washington: Please visit our Consumer Health Data Privacy Policy to review our privacy practices related to your health data.

You can find our Children’s Privacy Notice in Section 9.

Your use of our Services (defined below), and any dispute over privacy, is subject to this Notice and our Terms and Conditions, available at .

Table of Contents

1. Scope
2. Personal Information Collected
3. Purposes for Collecting and Processing
4. Disclosures of Personal Information
5. Aggregate and De-Identified Information
6. Cookies and Tracking
7. Your Privacy Choices
8. Retention
9. Children’s Privacy Notice
10. International Transfers of Personal Information
11. Security
12. Third-Party Links
13. Changes to this Privacy Notice
14. Contact Us
15. Residents of Connecticut
16. Residents of Nevada

1. Scope

Except as otherwise described below, this Notice applies to the personal information Empatica collects and processes related to your use of the EmbracePlus watch, the associated App, and the associated EpiMonitor Account page (“Portal”) (collectively, the “Services”).

Not in Scope. This Notice does not apply to the personal information that we collect and process about Empatica employees, contractors, personnel, job applicants, or candidates.

Additional Notices. In some cases, additional or supplemental privacy notices may be provided and will apply to certain personal information collected and processed by us. These additional notices will control to the extent there is a conflict with this Notice, with respect to your personal information that is subject to that additional notice.

1. Personal Information Collected

As further described below, we collect personal information directly from individuals, from third parties, and automatically through your use of our Services.

Personal Information Collected Directly from You. The personal information we may collect from you depends on how you use our Services or otherwise interact or engage with us, but generally includes:

• Contact information. When you contact us, including via email, phone, or webform, we collect certain personal information from you, such as your name, address, phone number, email address, postal address, practice name, and any personal information that you otherwise submit to us.
• Survey responses. When you fill out our surveys, we may collect your survey responses, including information regarding demographics, preferences, and your opinion about our products and Services. Participation in our surveys is voluntary.
• Health-related information. We may collect information related to your health, such as physiological information, physical condition(s), biometrical information (e.g., accelerometer, temperature, EDA data), computed biomarkers (e.g., sleep and movement), and medications you take. The type of health information we collect may vary based on the features of the Service you utilize.
• Transaction Information. If you purchase products from us or make a payment in connection with the Services, we may collect certain transaction information, such as card number, expiration date, billing address, shipping information and records about your past purchases.
• Promotions. If you participate in our promotions, we may collect your device information to provide you with such promotion.
• Communications and interactions. When you email, call, or otherwise communicate with us, we collect and maintain a record of your contact details, a history of our interactions with you, and information about your use of the Services.
• Events. If you register for or attend an event that we host or sponsor, we may collect personal information related to your registration for and participation in such event.
• Account and registration information. If you register for an account, we may collect name, date of birth, and contact information. We will also collect information from the associated parent/guardian if the user is under 13. For any designated caregivers, name and phone number are collected.
• Preferences. We also may collect information about your preferences, such as communications preferences, preferences related to your use of our Services, shopping behavior preferences, a record of your purchases from us, demographic data, and any other preferences you provide when interacting with us.

Personal Information Collected from Third Parties. We may collect personal information about you from third-party sources, such as public databases, joint marketing/promotional partners, social media platforms, or other third parties.

• Lead and prospect information. We may receive lead and prospect information, such as names, email addresses and contact information from third parties about individuals who may be interested in the Services.
• Social media information. If you post information about us or engage with us on third-party platforms, such as through your social media account, we may collect personal information about you from that third-party platform or account (e.g., your social media username and/or handle). These third-party platforms and services control the information that they collect and share about you. For information about how they may use and disclose your information, including any information you make public, please consult their respective privacy policies.

Personal Information Collected Automatically. We and our providers automatically collect and derive personal information related to your use of our Services and your interactions with us. Such information may include:

• Technical information. Empatica also collects other technical information such as IP address, EmbracePlus identifier, the dates and times of access to the App, the phone/device type, as well as the software version, operating system, Bluetooth® and WiFi settings (On/Off).
• Activities and usage. We also collect activity information related to your use of the Services, such as features used.
• Location Information. We may collect geolocation information with your permission. You may turn off location data sharing through your device settings, however, the Service will not function properly if you do.

1. Purposes for Collecting and Processing

Generally, we collect, use, and otherwise process the personal information that we collect for the following purposes:

• Services and support. To provide our products and to operate our Services, communicate with you about your use of our products and Services, respond to your inquiries, gather feedback, fulfill your requests, communicate with you, run our day-to-day operations, and for similar support purposes.
• Relationship management. To manage our relationship with you, for example, to process your transactions, manage and maintain your account and subscription with us, manage your warranties, and respond to your questions and comments.
• Analytics and improvement. To better understand how users access and use our Services, products, and offerings, and for other research and analytical purposes, such as to evaluate and improve our Services and business operations, to develop Services, features and new products and offerings, and for internal quality control and training purposes.
• Customization and personalization. To tailor the content that we may send you, including to offer personalized help and instructions, and to otherwise personalize your experience.
• Promotions. To administer the promotions we offer.
• Financial Operations. To perform credit recovery procedures and credit assignment to authorized companies.
• Marketing, advertising, and public relations. For marketing, advertising, and public relations purposes. For example, to send you information about our products and Services and the products and services of our affiliates, such as newsletters, and other marketing content, as well as any other information that you sign up to receive and to provide you with information about, or samples of, our product range for marketing purposes. We also may use certain personal information that we collect to manage and improve our advertising campaigns (both online and offline) so that we can better reach individuals with relevant content based on your interests and geographic region.
• Planning and managing events. For event planning and management, including registration, attendance, connecting you with other event attendees, and contacting you about relevant events and Services.
• Research, surveys, and product development. To administer surveys, such as for market research, customer satisfaction purposes or improving our products and Services, to conduct statistical and data analytics, and for other similar purposes.
• Security and protection of rights. To protect our Services and our business operations; to prevent and detect fraud, unauthorized activities and access, and other misuse, where we believe necessary to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety or legal rights of any person or third party, violations of our Terms of Use or other agreements we have with you or this Notice, to defend our rights, including through legal or other dispute resolution processes.
• Legal proceedings and obligations. To comply with the law and our legal obligations, to respond to legal process and related legal proceedings, and government or law enforcement requests.
• General business and operational support. To consider and implement mergers, acquisitions, reorganizations, bankruptcies, and other transactions such as financings, and related to the administration of our general business, accounting, auditing, compliance, recordkeeping, and legal functions.

1. Disclosures of Personal Information

Generally, we disclose the personal information that we collect to provide our Services, respond to and fulfill your transactions or requests, as otherwise directed or consented to by you, and as follows:

• Global affiliates, subsidiaries, branches, or associated offices. We may disclose the personal information we collect to our global affiliates, subsidiaries, branches, or associated offices who will use and disclose this personal information in accordance with the principles of this Notice.
• Vendors and service providers. We may disclose the personal information that we collect to our service providers and others who perform functions on our behalf or provide us services. These may include, for example, service providers that host or operate the Services, payment processors, analytics providers, information technology service providers, communication service providers, customer service vendors, consultants, auditors, and legal counsel. These companies and individuals may only use the data as permitted by our contracts with them.
• Advertising and analytics platforms, providers, and networks. We may disclose or make available personal information to the platform providers and vendors that we use to provide or make available certain features or portions of the Services, or as necessary to respond to your requests. We may also make certain information (such as browsing information) available to advertising platforms, providers and networks in support of our marketing, advertising, and campaign management.
• General business operations. If we, our affiliates, or our subsidiaries are acquired by, merged with, financed by, or invested in by another company, or if any of our assets are or may be transferred to another company, whether as part of a bankruptcy or insolvency proceeding or otherwise, we may transfer the information we have collected about you to the other company. We may also share certain personal information as necessary prior to the completion of such a transaction or corporate transactions such as financings or restructurings, to lenders, auditors, and other advisors, including attorneys and consultants, as part of due diligence or as necessary to plan for a transaction.
• Others as permitted or required by applicable law. We may disclose personal information to other parties to the extent permitted or required by applicable law. This may include regulators, government entities, and law enforcement. It may also include certain disclosures that we are required to make.
• Security and protection of rights. We may disclose your personal information when we believe it is appropriate to do so to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person, violations of our Terms of Use or this Notice, or as evidence in litigation in which we are involved.
• With permission. We may disclose personal information in ways not described above. If we do so, we will notify you, and if necessary, obtain your consent. For example, where you have a designated caregiver, we may share information with that caregiver.

1. Aggregate and De-Identified Information

We may use and disclose aggregate and other non-identifiable data related to our business and the Services for quality control, analytics, research, development, and other purposes. Where we use, disclose, or otherwise process de-identified data (data that is no longer reasonably linked or linkable to an identified or identifiable natural person, household, or personal or household device) we will maintain and use the information in de-identified form and not to attempt to re-identify the information, except in order to determine whether our de-identification processes are reasonable and adequate pursuant to applicable privacy laws.

1. Cookies and Tracking

We and our providers use cookies, pixel tags, and other similar tracking technologies to automatically collect information about browsing activity, device type, and similar information within the Portal. This information, which may be considered personal information in some jurisdictions, is used, for example, to analyze and understand how you access, use, and interact with our Services; to identify and resolve bugs and errors; to assess, secure, protect, optimize, and improve the performance of our Services; to personalize content; and for marketing, advertising, measurement and analytics purposes. We may also de-identify and/or aggregate such information to analyze trends, administer Services, and gather broad demographic information for aggregate uses, and for any other lawful purposes.

Cookies. Cookies are alphanumeric identifiers used for tracking purposes. Some cookies allow us to make it easier for you to navigate our Services, while others are used to enable a faster log-in process, to support the security and performance of the Services, or to allow us to track activity and usage data within and across the Services.

Pixel Tags and Similar Technologies. Pixel tags (sometimes called web beacons or clear GIFs) are tiny graphics with a unique identifier, similar in function to cookies. We may use these tracking technologies to understand users’ activities, to help manage content and compile usage statistics, and in emails to let us know when they have been opened or forwarded so we can track response rates and gauge the effectiveness of our communications.

Local Storage Objects. Local storage is a web storage mechanism that allows us to store data on a browser that persists even after the browser window is closed. Local storage may be used by our web pages to cache certain information in order to enable faster loading of pages and content when you return to the Portal. You can clear data stored in local storage through your browser. Please consult your browser help menu for more information.

Analytics. We use analytics tools, such as Google Analytics, to evaluate usage and traffic on our Portal. These analytics providers use cookies, pixels, and other tracking technologies to collect usage data to provide us with reports and metrics that help us analyze, improve, and enhance performance and user experience. You can learn more about how Google uses your information at www.google.com/policies/privacy/partners/ (“How Google uses information from sites or apps that use our services”). You can also download the Google Analytics Opt-out Browser Add-on to prevent your information from being used by Google Analytics at https://tools.google.com/dlpage/gaoptout.

Cross-Device Tracking. We and ad networks we work with may use the information we collect about you within our Portal, and on other third-party websites and services, to help us and these third parties identify other devices that you use (e.g., a mobile phone, tablet, other computer, etc.) to interact or engage with us or our Services.

Advertising Networks. We work with ad networks, channel partners, mobile ad networks, analytics and measurement services, and others (“ad networks”) to personalize content, as well as to manage our advertising on third-party websites, mobile apps, and online services. We may share certain information with ad networks, and we may each use cookies, pixel tags, and other tools to collect usage and browsing information within our Services, as well as on third-party websites, apps, and services. This information may include IP address, location information, cookie and advertising IDs, and other identifiers, as well as browsing information.

Custom Lists and Matching. We may share or make available certain customer list information (such as your name, email address and other contact information) with third parties (i) so that we can better target ads and content to you across third party sites, platforms and services, and (ii) in some cases, these third parties may help us to enhance our customer lists with additional demographic or other information, so we can better target our advertising and marketing campaigns.

Do-Not-Track. Currently, our Portal does not recognize web browser “Do-Not-Track” requests. You may, however, disable certain tracking as discussed below (e.g., by disabling all but necessary cookies).

1. Your Privacy Choices

You have certain choices regarding our processing of your personal information, and we make available several ways for you to manage your preferences and privacy choices, as described below:

Marketing Communications. We may send periodic promotional and operational emails or other similar communications to you. You may change your preferences or unsubscribe by following the instructions provided to you in the communication. If you opt out of receiving promotional emails from us, we may still send you communications that you have requested to receive from us.

Cookie Settings. You can set your browser to block certain cookies or notify you when a cookie is set; you can also delete cookies. The “Help” portion of the toolbar on most browsers will tell you how to prevent your device from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to delete cookies. Visitors to our Portal who disable cookies might not be able to enter the Portal. If you visit the Portal from a different device or from a different browser on the same device, you will need to apply your cookie settings for that browser and/or device as well.

1. Retention

We retain your personal information for as long as reasonably necessary to fulfill the purposes for which it was collected or as otherwise necessary to comply with our legal obligations, resolve disputes, maintain appropriate business records, and enforce our agreements.

1. Children’s Privacy Notice

We are committed to protecting the privacy of children who use our Services. This section includes disclosures required under the Children’s Online Privacy Protection Act of 1998 and its implementing regulations (collectively, “COPPA”). This section only applies to children under the age of 13 (a “child” or “children”) and supplements the other provisions of this Notice. The other provisions of this Notice apply to individuals over 13. This section notifies parents of:

• The types of personal information we may collect from children under 13, (“Children’s Personal Information”);
• How we use Children’s Personal Information; and
• Our practices for disclosing Children’s Personal Information.

We only collect as much information about a child as is reasonably necessary for the child to participate in our Services, and we do not condition a child’s participation on the disclosure of more personal information than is reasonably necessary.

Information We Collect Directly from Children. We may collect the following information from children:

• Contact information. When you contact us, including via email, phone, or webform, we collect certain personal information from you, such as your name, address, phone number, email address, postal address, practice name, and any personal information that you otherwise submit to us.
• Survey responses. If a parent/guardian fills out our surveys related to a child, we may collect the survey responses, including information regarding demographics, preferences, and their opinion about our products and Services. Participation in our surveys is voluntary.
• Account and registration information. We may collect name, date of birth, and contact information.
• Health-related Information. We may collect information related to health, such as physiological information, physical condition(s), biometrical information (e.g., accelerometer, temperature, EDA data), computed biomarkers (e.g., sleep and movement), and medication you take. The type of health information we collect may vary based on the features of the Service the child utilizes.
• Communications and interactions. If a child emails, calls, or otherwise communicates with us, we collect and maintain a record of those contact details, a history of our interactions with them, and information about their use of the Services.
• Preferences. We may collect information about the child’s preferences, such as preferences related to their use of our Services and shopping behavior preferences, and any other preferences provided when interacting with us.

Information We Collect Automatically. We automatically collect the following information about users of our Services, including children:

• Technical information. Empatica collects technical information such as IP address, EmbracePlus identifier, the dates and times of access to the App, the phone/device type, as well as the software version, operating system, Bluetooth® and WiFi settings (On/Off).
• Activities and usage. We collect activity information related to use of the Services, such as features used.
• Location Information. We may collect geolocation information with your permission. You may turn off location data sharing through your device settings, however, the Service will not function properly if you do.

How We May Use Children’s Personal Information. We use Children’s Personal Information for the following purposes:

• Services and support. To provide our products and to operate our Services, communicate with the child about their use of our products and Services, respond to inquiries, gather feedback, fulfill user requests, run our day-to-day operations, and for similar support purposes.
• Relationship management. To manage our relationship with the child, for example, to process transactions, manage and maintain their account and subscription with us, manage the product warranties, and respond to questions and comments.
• Analytics and improvement. To better understand how users access and use the Services, products, and offerings, and for other research and analytical purposes, such as to evaluate and improve our Services and business operations, to develop Services, features and new products and offerings, and for internal quality control and training purposes.
• Customization and personalization. To tailor the content that we may send, including to offer personalized help and instructions, and to otherwise personalize the child’s experience.
• Promotions. To administer the promotional programs we offer.
• Research, surveys, and product development. To administer surveys, such as for market research, customer satisfaction purposes or improving our products and Services, to conduct statistical and data analytics, and for other similar purposes.
• Security and protection of rights. To protect our Services and our business operations; to prevent and detect fraud, unauthorized activities and access, and other misuse, where we believe necessary to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety or legal rights of any person or third party, violations of our Terms of Use or other agreements we have with you or this Notice, to defend our rights, including through legal or other dispute resolution processes.
• Legal proceedings and obligations. To comply with the law and our legal obligations, to respond to legal process and related legal proceedings, and government or law enforcement requests.
• General business and operational support. To consider and implement mergers, acquisitions, reorganizations, bankruptcies, and other transactions such as financings, and related to the administration of our general business, accounting, auditing, compliance, recordkeeping, and legal functions.

How We May Disclose Children’s Personal Information. We may disclose Children’s Personal Information under the following circumstances:

• Parents/Guardians and Caregivers. You may access your child’s personal data collected by us and may choose to receive notices of certain activity through the App; you may also designate additional caregivers to receive such notices.
• Service Providers. We may disclose the information we collect from you to third party vendors, service providers, contractors or agents who perform functions on our behalf.
• General business operations. If we, our affiliates, or our subsidiaries are acquired by, merged with, financed by, or invested in by another company, or if any of our assets are or may be transferred to another company, whether as part of a bankruptcy or insolvency proceeding or otherwise, we may transfer the information we have collected to the other company. We may also share certain personal information as necessary prior to the completion of such a transaction or corporate transactions such as financings or restructurings, to lenders, auditors, and other advisors, including attorneys and consultants, as part of due diligence or as necessary to plan for a transaction.
• Others as permitted or required by applicable law. We may disclose personal information to other parties to the extent permitted or required by applicable law. This may include regulators, government entities, and law enforcement. It may also include certain disclosures that we are required to make.
• To Protect Us and Others. We may disclose the information we collect where we believe it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person, violations of our Terms of Use or this Notice, and as evidence in litigation in which we are involved.
• Aggregate and De-Identified Information. We may share aggregate or de-identified information about users with third parties for marketing, advertising, research or similar purposes.

With Whom We May Disclose Children’s Personal Information To. We may disclose Children’s Personal Information to third parties. Visit the Third-Party Operators page to see the list of third-party operators who collect persistent identifiers on our sites and applications. We have provided the name and contact details for such third parties to the extent you have questions.

Parental Changes and Controls. When children create an account or otherwise engage with the Services, we will obtain verifiable parental consent prior to the collection of their Personal Information. At any time, parents may limit the use of the App and EmbracePlus watch by withdrawing their consent, writing to privacy@empatica.com. Parents may also review their Child’s Personal Information maintained by us, ask us to correct or delete their Child’s Personal Information, and/or prohibit us from continuing to collect or use their Child’s Personal Information. Parents can also agree to the collection and use of their Child’s Personal Information and restrict its disclosure to third parties, when it is not a part of the Service. Parents can review, change, delete, or restrict the disclosure of their Child’s Personal Information by sending us an email at: privacy@empatica.com. If you send us a request, we may require you to take certain steps or provide additional information to verify your identity before we provide any information or make any corrections.

1. International Transfers of Personal Information

Empatica is headquartered in the United States, and has operations, entities, and service providers in the United States, European Union, and throughout the world. As such, Empatica and our service providers may transfer your personal information to, or access it in, jurisdictions (including the United States and other jurisdictions where we, our affiliates and service providers have operations) that do not include equivalent levels of data protection as your home jurisdiction. We will take steps to ensure that such personal information receives an adequate level of protection in the jurisdictions in which we process it, including through appropriate written data processing terms and/or data transfer agreements.

1. Security

We have implemented safeguards that are intended to protect the personal information we collect from loss, misuse, unauthorized access, disclosure, alteration, and destruction. Please be aware that despite our efforts, no data security measures can guarantee security.

1. Third-Party Links

Our Services may contain links to third-party websites. Any access to and use of such linked websites is not governed by this Notice, but instead is governed by the privacy notices of those third-party websites. We are not responsible for the information practices of such third-party websites.

1. Changes to this Privacy Notice

We may make changes to this Notice from time to time, so please be sure to check back periodically. We will post updates to the Notice on our website. If we make any material changes to this Notice, we will endeavor to provide you prior notice, such as by emailing or posting prominent notice on our website.

1. Contact Us

Empatica welcomes your questions and comments about your privacy or this Notice. Please contact us by emailing privacy@empatica.com or calling us at +1 (866) 739-2049.

1. Residents of Connecticut

Residents of Connecticut require additional disclosures under the Connecticut Data Privacy Act (the “CTDPA”) where a business processes “consumer health data” (as that term is defined under the CTDPA).

Sale of Personal Information

While we do not disclose personal information to third parties in exchange for monetary compensation, we may “sell” the following categories of personal information: identifiers, such as unique personal identifiers, online identifiers, IP address, or other similar identifiers; commercial information; location data; and Internet and network activity information. We may disclose these categories to third-party advertising networks and analytics providers for purposes of marketing and advertising and to improve and measure our ad campaigns.

Consumer Rights

Residents of Connecticut may have additional rights under applicable privacy laws, subject to certain limitations, which may include:

• Access. To confirm whether we are processing their personal information and to obtain a copy of their personal information in a portable and, to the extent technically feasible, readily usable format.
• Deletion. To delete their personal information provided to or obtained by us.
• Correction. To correct inaccuracies in their personal information.
• Opt Out. To opt out of certain types of processing, including:
  • to opt out of the “sale” of their personal information;
  • to opt out of targeted advertising by us; and
  • to opt out of any processing of personal information for purposes of making decisions that produce legal or similarly significant effects.

At any time, if you need help, you may submit a request to exercise most of your privacy rights by emailing us at privacy@empatica.com.

When you submit a request, we will take steps to verify your identity and request by matching the information provided by you with the information we have in our records. In some cases, we may request additional information in order to verify your identity, or where necessary to process your request. If we are unable to verify your identity after a good faith attempt, we may deny the request. If your request is denied, we will explain the basis for the denial.

If we deny your request, you will be able to appeal our decision according to the instructions we provide in our response.

You may also designate someone as an authorized agent to act on your behalf to submit an opt out request.

1. Residents of Nevada

This section of the Notice applies to the collection of “consumer health data” subject to the Nevada Consumer Health Data Privacy Act (“NCHDPA”) collected through the Services. This Notice does not apply to information or practices that are not subject to the NCHDPA, such as publicly available information, personal information governed by the Fair Credit Reporting Act, or job applicant and employee information.

1. The Categories of Consumer Health Data We Collect

Due to the broad definition of “consumer health data” under NCHDPA many of the categories of data we collect could also be considered consumer health data. We may collect the following categories of “consumer health data”:

• Individual health conditions, treatment, diseases, or diagnosis;
• Use or purchase of prescribed medication;
• Social, psychological behavioral, and medical interventions;
• Bodily functions, vital signs, symptoms, or measurements of the information described in this Section 1;
• Data that identifies a consumer seeking healthcare services, such as internet, network, or other electronic activity relating to your interaction with our websites or advertisements;
• Information processed to associate or identify a consumer with the data described above that is derived or extrapolated from non-health information.

1. Purposes of Collection and How Empatica Uses Consumer Health Data

Generally, we may collect and use the consumer health data that we collect for the purposes set forth below:

• As reasonably necessary to provide you with the products or services you have requested;
• To provide support in connection with the use of our products and services;
• To enroll you in our membership plans and/or subscriptions;
• To communicate with you;
• To establish and manage your account and/or subscription;
• To administer the services and our relationship with you;
• To send you updates about Empatica and the products and services we offer;
• To detect security incidents;
• To protect against malicious or illegal activity;
• To ensure the appropriate use of our products and services;
• To improve our products and services and to develop new products and services;
• For short-term transient use of online identifiers;
• For quality and safety assurance;
• For internal research and development to evaluate the effectiveness of our products and services;
• For purposes of marketing, advertising, and product promotion, including to contact you regarding our programs, products, and services, surveys, and topics that be of interest or useful to you; and
• To comply with our legal and regulatory obligations.

1. The Categories of Sources From Which We Collect Consumer Health Data

In general, we may collect consumer health data from the following categories of sources:

• Directly from you;
• Your devices;
• Those authorized to provide personal information on your behalf, such as your guardian, caregiver, or authorized representative; and

1. The Categories of Consumer Health Data That We Share

We may share the following categories of consumer health data with third parties and affiliates:

• Individual health conditions, treatment, diseases, or diagnosis;
• Use or purchase of prescribed medication;
• Social, psychological behavioral, and medical interventions;
• Bodily functions, vital signs, symptoms, or measurements of the information described in Section 1;
• Data that identifies a consumer seeking healthcare services, such as internet, network, or other electronic activity relating to your interaction with our websites or advertisements;
• Information processed to associate or identify a consumer with the data described above that is derived or extrapolated from non-health information.

1. The Categories of Third Parties and Specific Affiliates with Whom We Share Consumer Health Data

Empatica may share the categories of consumer health data included in Section 4 with the following categories of third parties and specific affiliates:

• Empatica srl;
• Government entities;
• Regulators;
• Those authorized to act on your behalf, such as your guardian, caregiver, or authorized representative; and
• Third parties we, our affiliates, or subsidiaries are or may be acquired by, merged with, financed by, or invested in by another company, or if any of our assets are or may be transferred to another company, whether as part of a bankruptcy or insolvency proceeding or otherwise, we may transfer the information we have collected about you to the other company. We may also share certain personal information as necessary prior to the completion of such a transaction or corporate transactions such as financings or restructurings, to lenders, auditors, and other advisors, including attorneys and consultants, as part of due diligence or as necessary to plan for a transaction.

1. Purposes for Sharing Consumer Health Data

Empatica may share the categories of consumer health data included in Section 4 for the following purposes:

• To provide the Services to you or to respond to your requests and inquiries;
• To better understand how users access and use our Services for analytical purposes and to improve our Services.
• For marketing, advertising, and campaign management;
• If (i) we or our affiliates are or may be acquired by, merged with, or invested in by another company, or (ii) if any of our assets are or may be transferred to another company, whether as part of a bankruptcy or insolvency proceeding or otherwise, we may transfer the information we have collected from you to the other company. As part of the business transfer process, we may share certain of your personal information with lenders, auditors, and third-party advisors, including attorneys and consultants;
• To comply with the law and our legal obligations, to respond to legal process and related legal proceedings, and government or law enforcement requests.
• To protect our Services and our business operations; to prevent and detect fraud, unauthorized activities and access, and other misuse, where we believe necessary to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety or legal rights of any person or third party, violations of our Terms of Use or other agreements we have with you or this Notice, to defend our rights, including through legal or other dispute resolution processes;
• To consider and implement mergers, acquisitions, reorganizations, bankruptcies, and other transactions such as financings, and related to the administration of our general business, accounting, auditing, compliance, recordkeeping, and legal functions; and
• At your direction or where you have consented to such sharing.

1. Your Privacy Rights

NCHDPA provides consumers with the following rights:

• Know/Access: The right to confirm whether Empatica collects, shares, or sells your consumer health data and the right to access such consumer health data;
• Sharing/Sales: The right to know the names of all third parties with whom Empatica has shared your consumer health data or to whom Empatica has sold your consumer health data.
• Withdraw consent: The right to withdraw consent from Empatica’s collection, sharing, and selling of your consumer health data; and
• Deletion: The right to have your consumer health data deleted.

Exercising Your Privacy Rights (Nevada Residents Only)

Requests to Know/Access, Obtain Information About Sharing/Sales, and Delete

To make a request to know/access, obtain information about sharing/sales, or delete your consumer health data, please email us at privacy@empatica.com. Before completing your request, we may need to verify your identity or your authority to make a request on behalf of another person. We may send you a link to verify your email address and may request additional documentation or information solely for the purpose of verifying your identity, depending on the type of your request.

Requests to Withdraw Consent

• Collection: To opt out of Empatica’s collection of your consumer health data, please email us at privacy@empatica.com. Please note that if you withdraw your consent to Empatica’s collection of your consumer health data, we may be limited in the manner in which we can provide our services to you.
• Sharing: To opt out of Empatica’s sharing of your consumer health data with third parties and affiliates, please email us at privacy@empatica.com.
• Sale: We do not sell consumer health data.

If your request to exercise a right under the NCHDPA is denied, we will provide instructions for how you can appeal our decision. If your appeal is unsuccessful, you can file a complaint with the Nevada Attorney General's Office at ag.nv.gov/Complaints/File_Complaint/.