Effective December 29th, 2022 This Privacy Policy governs your use of our online interfaces and properties (e.g., websites and mobile applications) owned and controlled by Blink Health Inc. and its wholly owned subsidiaries (collectively, “Blink,” “we,” “us,” and “our”), including the www.blinkhealth.com website and the Blink mobile application (the “Site”), as well as the services (“Services”) and products (“Products”) available to users through the Site. Blink contracts with (i) Broadway Provider Group, P.A., a Florida corporation; (ii) Broadway Provider Group of CA, P.C., a California corporation; (iii) Broadway Health Provider Group of DE, P.A., a Delaware corporation; and (iv) Broadway Provider Group of NJ, P.C., a New Jersey corporation and its local affiliates (collectively, “Broadway Provider Group”) regarding online healthcare management services, telehealth medical consultations, and secure messaging between Broadway Provider Group physicians and other healthcare professionals (individually the “Provider” and collectively the “Providers”) and their patients. If you are looking for California-specific privacy information, check out our Privacy Notice for California Residents, which is incorporated into this Privacy Policy. We are committed to maintaining the privacy and security of your personal information, and we appreciate that health information may be particularly sensitive. This Privacy Policy applies to any products or services offered through any Blink website (a “Website”) or Blink mobile application (a “Mobile App”) that links to this Privacy Policy (collectively, the “Blink Services”). Blink respects the privacy of healthcare providers (“Providers”), subscribers to and users of the Blink Services (“Members”) and Website visitors (“Visitors”). This Privacy Policy discloses Blink’s information collection and dissemination practices in connection with the Blink Services and applies solely to the information that we collect through the Blink Services and from Visitors to the Website or Mobile App. This Privacy Policy does not address personal information that you provide to us in other contexts (e.g., through a business relationship not handled through a Website or Mobile App). Acceptance of Privacy Policy By using the Website or Mobile App, you agree to the terms of this Privacy Policy. If you do not agree to the terms of this Privacy Policy, you may not use the Blink Services, the Website, or the Mobile App. Your continued use of the Blink Services following the posting of changes to these terms will mean that you accept those changes. Personal Information Provided by You Blink collects your personally identifiable information (“PII”), including health information, through the Blink Services when you choose to provide such information, such as when registering to become a Blink member so that you may receive information and updates regarding the Blink Services or when making a purchase. PII can include your name, prescription and over-the-counter medications, health condition, address, telephone number, e-mail address, Social Security number, credit or debit card number, date of birth, healthcare coverage, pharmacy, and physician. Blink may also collect certain information that you indirectly provide to us when you use the Website or Mobile App, such as your activity on the Website or Mobile App, or when you interact with our social media channels. Blink’s Collection of Your Publicly Available Personal Information In order to better provide the suite of Blink Services to assist you in managing your healthcare, Blink may request publicly available personal information about you that is maintained by the consumer data companies Acxiom and/or LexisNexis or other similar services. This publicly available personal information may be used by Blink to verify your identity in online transactions and to aid in tailoring the Blink Services to your needs. By agreeing to Blink’s Terms of Use, you agree to appoint Blink as your agent for certain purposes, including (i) obtaining your medical information from healthcare entities, such as pharmacies, insurance payors, and pharmacy benefit managers, in order to provide the Blink Services and (ii) exercising your right to access your protected health information (“PHI”) pursuant to the Health Insurance Portability and Accountability Act (“HIPAA”). Please read the “Appointment of Blink as Your Agent” section of the Terms of Use carefully in order to understand Blink’s ability to collect your medical information on your behalf. Blink’s Use of Personal Information Providing the Blink Services. Blink may use your PII to address your requests for information, products or services or in connection with providing you the Blink Services. Specifically, Blink may use your PII to provide the following Blink Services: (i) obtaining your medical information, including PHI, from your physicians, pharmacies, healthcare coverage providers and pharmacy benefit managers (collectively, “Healthcare Providers”), (ii) finding lower prices for your healthcare, (iii) finding arrangements that may reduce the cost to you of your healthcare, including but not limited to determining your eligibility for certain prescription drug discounts (iv) processing and/or fulfilling your orders, (v) scheduling appointments with Healthcare Providers, (vi) contacting Healthcare Providers, including physicians or pharmacies, on your behalf to request information necessary to provide the Blink Services, including, but not limited to, your medical and healthcare coverage information, your medication history, and your billing information and history, or (vii) creating other tailored healthcare experiences. Assisting You in Managing Your Healthcare. Blink may use your PII to assist you in managing your healthcare, including prescriptions and doctor appointments. To do so, Blink may contact you by phone, email or text to, among other related services, (i) find out if you wish to request a prescription refill, (ii) remind you to request a prescription refill, (iii) confirm that a refill request has been submitted, (iv) ask if you wish to transfer a prescription to a different pharmacy, or (v) provide other healthcare services. No Medical Care. Blink is not a medical group. Any telemedicine consults facilitated through our Website or Mobile App are provided by independent medical practitioners including Broadway Provider Group, which are independent medical groups with a network of United States based healthcare providers (each, a “Provider”). Broadway Provider Group (or your own medical provider if you do not use a Broadway Provider Group Provider) is responsible for providing you with a HIPAA Notice of Privacy Practices describing its collection and use of your PHI, not Blink. If you do not agree to be bound by the terms of the Broadway Provider Group Provider’s HIPAA Notice of Privacy Practices, you are not authorized to access or use our Website and Mobile App for the purpose of receiving telemedicine consults through our Site. Marketing by Blink. Blink may also use your PII to deliver advertisements and marketing communications to you that we believe may be of interest. These advertisements and marketing communications will be delivered solely by Blink. Marketing communications that you receive from Blink may include (i) advertisements for the Blink Services, (ii) advertisements for prescription drugs, and (iii) advertisements for other healthcare services or other goods or services. SMS Program. Blink may send SMS short code messages as part of our short code program (“SMS Program”). When you receive texts from a short code number, you may respond to the short code. For example, you may enter keywords to stop receiving texts from the short code or request help. We may log your responses and use them to take actions to administer the Program. This may include sharing information you provide with Blink’s service providers who are subject to Blink’s privacy and data security requirements. Please be advised that personal data collected through and for the purposes of user-requested alerts and service notification, including and not limited to short code text messages, will not be shared, sold or rented to any affiliated or unaffiliated third parties for marketing purposes. Disclosure of Personal Information Blink does not receive monetary payment in exchange from any external party to buy, rent, or license your PII. Some of Blink's marketing partners that help bring offers and information to you on Blink's behalf may use your PII for their own purposes. Blink’s subsidiaries that are covered entities and/or business associates under HIPAA do not sell HIPAA Protected Health Information ("PHI") without your express authorization. For more information about your rights under HIPAA, including your right to revoke an authorization in writing at any time, please refer to the HIPAA Notice of Privacy Practices. Because you have appointed Blink as your limited agent pursuant to the Blink Terms of Use, Blink is authorized to act on your behalf in obtaining your PHI from your Healthcare Providers. As described in this Privacy Policy, Blink is committed to safeguarding the privacy and security of your PII, including health information, when we use, maintain or transmit that data. However, when Blink is acting on your behalf pursuant to the agency agreement, it is not a covered entity or business associate subject to HIPAA. Nevertheless, when Blink obtains your health information while acting on your behalf, we will maintain the privacy and security of that information in accordance with the terms of this Privacy Policy and consistent with the security standards of the HIPAA security regulations. Disclosures Related to Providing the Blink Services You acknowledge that any and all information that you provide to Blink may be disclosed to Healthcare Providers in order to provide the Blink Services. For example, Blink may share your PII with a physician for purposes of scheduling a physician or telemedicine appointment. In addition, Blink may disclose your information to your healthcare providers to help them provide better health care to you. Blink is not responsible for protecting the privacy of your information when it is in the possession of a Healthcare Provider. Disclosures to Third Parties Assisting in Our Operations. Blink may share your PII with other companies that work with, or on behalf of, Blink to provide products and services. These companies may use your PII to assist Blink in its operations. Disclosures Under Special Circumstances. We may provide information about you to respond to subpoenas, court orders, legal process or governmental regulations, or to establish or exercise our legal rights or defend against legal claims. We believe it is necessary in some instances to share information in order to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, or as otherwise required by law. Business Transfers. We may share your PII with other business entities in connection with the sale, assignment, merger or other transfer of all or a portion of Blink’s business to such business entity. We will require any such successor business entity to honor the terms of this Privacy Policy. Automatically Collected Information and Anonymous Information Each time a Visitor uses the Blink Services, Blink collects some information to improve the overall quality of the Visitor’s online experience. Aggregated Data. Blink collects aggregate queries for internal reporting and also counts, tracks, and aggregates the Visitor's activity into Blink’s analysis of general traffic-flow on the Website. To these ends, Blink may merge information about you into aggregated group data. In some cases, Blink may remove personal identifiers from PII and maintain it in aggregate form that may later be combined with other information to generate anonymous, aggregated statistical information. Such anonymous, group data may be shared on an aggregated basis with Blink’s affiliates, business partners, service providers and/or vendors. Web Server Logs and IP Addresses. An Internet Protocol (“IP”) address is a number that automatically identifies the computer/machine you have used to access the Internet. The IP address enables our server to send you the web pages that you want to visit, and it may disclose the server owned by your Internet Service Provider. Blink may use IP addresses to conduct analyses and performance reviews and to administer the Blink Services. Cookies and Web Beacons. Cookies are pieces of information that a website transfers to a user’s computer for purposes of storing information about a user’s preferences. Cookies in and of themselves do not personally identify users, although they do identify a user’s computer. Many websites use cookies as a standard practice to provide useful features when a user visits the website and most web browsers are set up to accept cookies. Blink uses cookies to improve your online experience when using the Blink Services. You can set your browser to refuse cookies, but some portions of the Blink Services may not work properly if you refuse cookies. Some of Blink’s web pages may use web beacons in conjunction with cookies to compile aggregate statistics about Blink Services usage. A web beacon is an electronic image (also referred to as an “action tag,” “single-pixel,” or “clear GIF”) that is commonly used to track the traffic patterns of users from one web page to another in order to maximize web traffic flow and to otherwise analyze the effectiveness of the Blink Services. Some web beacons may be unusable if you elect to reject their associated cookies. Blink may also record the movement of Members and Visitors from page to page on the Website in order to improve the Blink Services. Referral/Links The Blink Services contain links to third-party websites that may offer information of interest. This Privacy Policy does not apply to those websites, and Blink recommends reviewing those websites’ privacy policies individually. Security Blink understands that storing our data in a secure manner is essential. Blink stores PII and other data using industry standard physical, technical and administrative safeguards to secure data against foreseeable risks, such as unauthorized use, access, disclosure, destruction or modification. When Blink is acting on your behalf pursuant to the agency agreement, it is not a covered entity or business associate subject to HIPAA; however, Blink has implemented data security measures that are consistent with the standards of the HIPAA security regulations. Please note, however, that while Blink has endeavored to create a secure and reliable website for users, the confidentiality of any communication or material transmitted to or from the Blink Services or via e-mail cannot be guaranteed. Your Role in Protecting Your Privacy You are responsible for maintaining the confidentiality of your Blink account password. Never share your Blink password with anyone you don’t want accessing your account. You agree that you will provide access to your password only to spouses and/or dependents, and you agree any user of your password is bound by the terms set forth in this Privacy Policy and the Terms of Use. It is your sole responsibility to inform Blink of any need to deactivate a password. Response to “Do Not Track” Signals Some Internet browsers include the ability to transmit “Do Not Track” signals. Since uniform standards for “Do Not Track” signals have not yet been adopted, Blink does not process or respond to “Do Not Track” signals. Children's Privacy Protection Blink understands the importance of protecting children's privacy in the interactive online world. The Blink Services, including the Websites and the Mobile App, are not designed for use by, or intentionally targeted at, children under 18 years of age. If you are under 18 years of age, you may only use the Website and the Mobile App with the involvement of a parent or guardian. Blink does not knowingly collect or maintain information about anyone under the age of 13 without the consent of the child’s parent or guardian. No one under the age of 13 should submit any PII to Blink, a Website and/or the Mobile App. Changes At certain locations on the Website or the Mobile App where information about you may be requested, you are offered the opportunity to opt-out of receiving communications from Blink. You may also review and request changes to your PII that Blink has collected, including the removal of your PII from Blink’s databases in order to prevent receipt of future communications or to halt receipt of the Blink Services, using any of the following options: You can send your request via e-mail to: [email protected] You can mail your request to the following postal address: Blink Health 1407 Broadway Suite 1910 New York, NY 10018 Policy Updates This Privacy Policy may be revised from time to time as we add new features and services, as laws change, and as industry privacy and security best practices evolve. We display an effective date on the policy at the top of this Privacy Policy so that it will be easier for you to know when there has been a change. If we make material changes to this Privacy Policy regarding use or disclosure of PII, we will provide notice on the Blink website; via email; or in the iTunes App Store, Google Play or Amazon where the Mobile App may be downloaded. Small changes or changes that do not significantly affect individual privacy interests may be made at any time and without prior notice. Additional Disclosures for California Residents Notice related to California-specific privacy laws is available at Privacy Notice for California Residents. Additional Disclosures for Virginia Residents Under the Virginia Consumer Data Protection Act (“VCDPA”), Virginia residents have the right, subject to certain statutory limitations and exemptions, to request that Blink Health Inc. and its subsidiaries engaged in e-commerce: To exercise one or more of the rights above please submit a request to us by either: For each request, we will ask you: A known child’s parent or legal guardian may invoke the above-listed rights on behalf of the child. Please note that if you are under 18 years of age, you may only use the Website and the Mobile App with the involvement of a parent or guardian. We will evaluate and respond to your request within 45 days. If we require more time, we will inform you of the reason and extend the period in writing by up to an additional 45 days. If we are unable to complete your request, we will explain to you in our response the reasons why we cannot comply with your request. If your request has been declined, you have the right to appeal, which you can exercise by replying directly to the email you are appealing, emailing us at [email protected], or calling us at 844-265-6444. You have the right to complain to the Attorney General about the results of your appeal. Questions? If you have any questions about this Privacy Policy or about Blink’s handling of your information, please contact [email protected] or 844-265-6444.