# Privacy Policy

**Carda Website Privacy Policy**  
**Version 2.0.1.3**  
**Last Update:** February 2023

This notice describes how Personal Data (defined below) about you may be used and disclosed and how you can obtain access to this information. Please review it carefully.

## INTRODUCTION

We at Carda Health, Inc. ("**we**", "**us**", "**the Company**", or "**Carda**") value your privacy and are committed to keeping your personal data confidential. This Privacy Policy describes how we collect, use, and disclose your information in the context of providing the [Carda website](https://www.cardahealth.com/) including all relevant content and functionality associated with the Website (collectively, the "**Website**").

### Privacy Policy Applicability

This Website Privacy Policy applies to personal data that Carda collects from users of the Carda Website ("**Personal Data**"). **_The term "Personal Data" includes any information that can be used on its own or with other information in combination to identify or contact one of our users._**

We believe that privacy and transparency about the use of your Personal Data are of utmost importance. In this Website Privacy Policy, we provide you detailed information about our collection, use, maintenance, and disclosure of your Personal Data. The Website Privacy Policy explains what kind of information we collect, when and how we might use your Personal Data, how we protect Personal Data, and your rights regarding your Personal Data. This Website Privacy Policy **_does not_** describe how we collect, use, and disclose your Personal Data in the context of providing you the Carda Platform or Mobile Application.

For additional information related to how we use and disclose your Personal Data **_please contact our Privacy Officer at_** support@cardahealth.com.

### Agreement to Website Privacy Policy Terms

By accessing and/or using the WEBSITE, **you are acknowledging that you have read and agree to the terms of this WEBSITE Privacy Policy**. If you do not agree, you must immediately cease using the WEBSITE.

### Website Privacy Policy Updates

Please note that **_we occasionally update this Website Privacy Policy, and it is your responsibility to stay up to date with any amended versions._** Any revisions to the Website Privacy Policy will be posted on the landing page(s) of the Website. If you continue to use the Website following such notice, you are agreeing to those changes.

### Questions or Concerns

If you have any questions or concerns after reading this Website Privacy Policy, please do not hesitate to contact us at privacy@cardahealth.com.

## COLLECTION AND USE OF PERSONAL DATA

### What Personal Data Does Carda Collect?

We collect three types of information from our Website users: (i) contact data; (ii) support data; and (iii) technology data. Each category of data is explained in depth below.

### Contact Data:

Carda collects contact data from users, which may include, but not be limited to, your name, job title, company name, organization type, phone number, and e-mail address. The collection of this demographic data is primarily used to contact you and provide consultations or demos of Carda products and services.

### Support Data:

If you contact us for support or to lodge a complaint, we may collect technical or other information from you through log files and other technologies, some of which may qualify as Personal Data (e.g., IP address). Such information will be used for troubleshooting, customer support, and improvement of the Website in accordance with this Website Privacy Policy. Calls with Carda may be recorded or monitored for training, quality assurance, customer service, and reference purposes.

### Technology Data:

We use common information-gathering tools, such as log files, cookies, web beacons, and similar technologies to automatically collect information, which may contain Personal Data from your computer or mobile device as you navigate our Website or interact with emails or other communications we have sent you. This information is used to analyze overall trends, help us improve our Website, and ensure the proper functioning and security of the Website.

### How Does Carda Collect Personal Data?

- **Website Engagement**: Carda collects Personal Data through your engagement with the Website, such as when you sign up to receive information from Carda or schedule a consultation.
- **Browser or Device Information**: Information is collected by most browsers or automatically through your device.
- **Clear GIFs**: We employ software technology called clear GIFs (also known as web beacons) to track the online movements of web users.
- **SDKs and Mobile Advertising IDs**: Our Website may include third-party SDKs that allow us to collect information about your activity.
- **Third-Party Plugins**: The Website may include plugins from other companies that may collect information about the pages you visit.
- **Third-Party Online Tracking**: Carda partners with certain third parties to collect and analyze information.

### What Is Carda’s Cookie Policy?

Cookies are files that hold a small amount of data used to help remember information entered and preferences selected. We use cookies and other technologies to better serve you with tailored information. Our cookies do not, by themselves, contain Personal Data. Users can usually set their browser to remove and reject cookies.

### Do Not Track Disclosure

Some web browsers may transmit do not track ("**DNT**") signals to websites. Carda does not support DNT browser settings and does not currently participate in any DNT frameworks.

### How Will Carda Use Your Personal Data?

Carda processes your Personal Data based on legitimate business interests. We only use or disclose your Personal Data when it is legally mandated or necessary to fulfill those purposes. Carda may aggregate and/or anonymize Personal Data collected through the Website to generate other data for our use.

### Does Carda Use Personal Data for Analytics?

Carda uses third-party service providers to monitor and analyze the use of the Website, including Google Analytics, Segment, and others.

### Where Is Personal Data Processed?

The Personal Data we collect through the Website will be stored on secure servers in the United States.

### With Whom Does Carda Share Personal Data?

We may share your personal information with the following categories of individuals/entities:
- **Business Partners and Vendors**: We share Personal Data with partners and service providers to facilitate our Website.
- **Our Advisors**: We may share your Personal Data with third parties that provide advisory services to Carda.
- **Third Parties Upon Your Direction or Consent**: You may direct Carda to share your Personal Data with third parties.
- **Third Parties Pursuant to Business Transfers**: We may share your Personal Data in the event of a reorganization or transfer of assets.
- **Government and Law Enforcement Authorities**: If reasonable and necessary, we may share your Personal Data to comply with legal processes.

### How Long Does Carda Retain Personal Data?

Carda retains your Personal Data only as long as necessary and required for our business operations. At the end of the applicable retention period, we will remove your Personal Data from our databases and will require that our Business Partners do the same.

### What Happens to Personal Data Submitted by Minors?

Carda does not knowingly collect Personal Data from individuals under the age of 18. If we learn that Personal Data from users under the age of 18 has been collected, we will take reasonable measures to delete such data.

## USER RIGHTS

### What Rights Do Users Have Concerning Their Personal Data?

As a user of Carda’s Website, you have certain rights relating to your Personal Data including the right to:
- Access Personal Data held by Carda.
- Erase/delete your Personal Data.
- Receive communications related to your Personal Data.
- Restrict processing of your Personal Data.
- Object to the further processing of your Personal Data.
- Request that your Personal Data be transferred to a third party.
- Rectify inaccurate personal information.

### How Can Users Update, Correct, or Delete Personal Data or Their User Account?

You have the right to request restrictions on the uses and disclosures of your Personal Data. If you need to make changes, you may contact us at support@cardahealth.com.

## PROTECTION OF PERSONAL DATA

### Is Personal Data Secure?

Carda understands the importance of data confidentiality and security. We use a combination of reasonable physical, technical, and administrative security controls to maintain the security and integrity of your Personal Data.

### How Can Users Protect Their Personal Data?

Carda has no access to or control over your device’s security settings. It is your responsibility to implement any device-level security features you feel are appropriate.

### What If Carda Experiences a Data or Security Breach?

In the event of a data or security breach, Carda will promptly investigate the security incident and comply with laws and regulations.

## CALIFORNIA PRIVACY RIGHTS

If you are a California resident, the California Consumer Privacy Act ("**CCPA**") may apply to you. Please contact us if you would like a copy of this notice.
