Namida Lab Mobile App PRIVACY POLICY

Last updated on May 4, 2021.

OVERVIEW

Welcome to Namida Lab! Namida Lab is a mobile application that has been designed to provide a digital option for clinical research. This application allows for secure and remote electronic consent, collection of research data, and important updates for study participants. Please review our Privacy Policy carefully. If viewing in our mobile application, tap “Accept” to acknowledge that you understand the ways in which Namida Lab may process your personal information. You may be asked additional questions as you use the app to ensure we have your consent to collect and use your personal information for specific purposes. For your convenience, we summarized some highlights below, but you should still review the entire Privacy Policy in detail.

Namida Lab may process your personal information for the following purposes:

  • Providing you with the service accessed through this mobile application including through service providers, such as our cloud hosting provider, that are contractually bound to protect your personal information.
  • As directed by your sponsor (ex: your health insurer or healthcare provider) per our business associate agreement governed by HIPAA.
  • Hosting your personal information in data centers within the United States of America.
  • De-identifying your personal information (so it no longer identifies you) and using the resulting information in aggregated or non-aggregated form for product improvement, marketing, research, and to provide services to our customers; and
  • • Meeting our legal obligations.

If you do not agree to your personal information being processed for these purposes, or with any other terms of our Privacy Policy below please do not use our mobile application.

INFORMATION COLLECTION AND USE

This Privacy Policy is designed to inform users how Namida Lab, Inc. (“Namida Lab,” “we,” “our,” or “us”) collects and uses your information through our applications and related services (collectively, the “Service”). “Personal Information” is information that identifies you, including health information, as categorized below. Some information may fall under multiple categories. By tapping “Accept” at the end of this Privacy Policy, you consent to Namida Lab collecting and using your information as described below. You may have been invited to use the Service from a sponsoring third party such as your healthcare provider, health insurance provider, employer, care manager, or as part of a clinical study (your “Sponsor”). It is your choice whether or not to provide us with such information but if you decline, you may not be able to use part or all of our Service as some information is necessary. You can change some privacy settings at any time by going into the mobile application settings.

What information Namida Lab collects

1. Information you provide: We may ask and collect information such as your name, email address, phone number, address, birthdate, and gender to register your account as well as other information in the below categories. We use this information to manage your account, verify your identity, and deliver the Service to you.

2. Information we receive from third parties: We may receive information about you, including what is listed in other categories, from your Sponsor or other third parties as directed by your Sponsor. This information may include demographic information, medical history, health insurance information, or other information that your Sponsor has directed us to process. We use this information to fulfill contractual obligations to your Sponsor, as directed by your Sponsor, and to deliver the Service to you. The collection, processing, and sharing of this information is controlled by your Sponsor.

3. Health Information: Since we are a health-related application, we collect information about your health. This category can include diagnoses, symptoms, medical procedures, medications, discharge dates, clinical notes, physical characteristics, provider information, and other biometric information. We use this information to provide the Service to you such as using your medication information to provide medication notifications.

4. Communications: We collect the content of communications made through our Service between your Sponsor and you. This content can include information under other categories as well as any other information you decide to communicate. We use this content to provide you a record of your communications as well as use it in de-identified form as discussed below.

5. Integration data: We may use automated methods to track data from your other apps, fitness wearables, biometric monitoring devices, and other integrations that you have allowed to communicate with our Service. This integration data is then contained in our application for both you and your Sponsor to see and use. You may be prompted to provide access to the camera functionality of your device, we use this access to scan for optical character recognition (OCR) features, and to allow you to include attachments in communications. We do not otherwise collect images or recordings you have on your device. If using the Android version of our app, you may be prompted to allow access to location data for the purposes of the Bluetooth connection, however, we do not collect your location data.

6. Information unrelated to the application: Namida Lab may also collect personal information outside of the Service such as through our websites. This information can include your browsing activities on our site, your IP address, cookie information, and the pages you request. We use this information for such uses including security, content improvements, sales, and marketing.

7. Analytics information: We may collect usage data about how you use our Service such as how you use the application, what content you read and favorite, content of messages within our Service, integration data, and device information. We use this analytics information to improve the Service for you, your Sponsor, and other users.

8. Log files: To maintain security, fulfill compliance requirements, and generally make sure the Service is operating correctly, we collect information such as IP addresses, server requests, login events, device information, crash reports, usage activity, or other information to discover and

respond to events indicating possible service interruptions, security threats, fraud, or other illegal activity. We may also use this information to enforce our EULA, for compliance, and other legal obligations. Where feasible we limit the identifiable and sensitive information contained in these log files.

9. Support information: If you contact us regarding questions, issues, or requests regarding the use of our Service, our support team may view your Personal Information, as well as any additional information you provide, in order to assist. We may also ask follow-up questions to gather more information as necessary to address your issue. This information is stored as a record of your support request.

10. Optional information: We may also collect additional information, with your consent, that is not necessary for use of our Services such as product feedback, surveys, usage analytics, and testimonials. We use this information to improve and market our Service. Your Sponsor may request this information as well to improve their products and services. You have the right to object to processing of your personal data for direct marketing purposes by contacting help@namidalab.com or by using the “unsubscribe” link in an email you receive.

Sharing

Namida Lab does not rent, lease, or sell your Personal Information. We share your Personal Information with your Sponsor as per our agreement with your Sponsor that allows you to use the Service. Your Sponsor may share your Personal Information or direct us to share your Personal Information to third parties such as your Sponsor’s affiliates or service providers. Your Sponsor may also provide us Personal Information or direct us to use your Personal Information in ways not specifically mentioned above. Contact your Sponsor to learn more about how they use your Personal Information.

To provide the Service, we may also share your Personal Information with our service providers and subcontractors for functionality, to communicate with you, measure performance, or improve our product. We may also disclose your Personal Information in response to a legal process, such as a law enforcement action, a subpoena, or to demonstrate compliance. Finally, we may transfer your Personal Information to an entity or individual that attempts or does acquire, buy, or merge with all or part of Namida Lab, or through some other business reorganization.

Machine Learning

Parts of the Service may involve the use and development of machine learning. Machine learning includes the use of computer algorithms to automatically detect patterns in data. To develop, support, and use these algorithms we may use the information categorized above and De-identified Information as defined below. We use machine learning to provide functionality, improve your experience, provide services to your Sponsor, optimize our operations, and other related business purposes.

De-identified Information

In addition to the categories and uses above, we may remove the identifiable parts of your Personal Information to create de-identified information (“De-identified Information”). De-identified Information may be combined with other information into aggregated datasets. We use De-identified Information in the following ways:

1. Disclosure for Business Purposes: We may license, use, disclose, or otherwise share De-identified Information with institutional clients, partners, investors, and contractors for any purposes related to our business practices.

2. Product Improvement: We may use De-identified Information for product improvement including the Service including the development of machine learning algorithms.

3. Research: We may use De-identified Information for research whether scientific, marketing, or business in nature. This research may be made public through publications such as within a scientific journal.

STORAGE AND RETENTION

Your Personal Information will be stored in our cloud hosting provider’s data centers within the United States. We retain your Personal Information for as long as reasonably necessary to provide you the Service, as per your Sponsor’s instructions, or to comply with legal obligations. For details about where and how long your Sponsor stores your Personal Information, please contact your Sponsor. We may retain De-identified Information indefinitely.

CONFIDENTIALITY AND SECURITY

Namida Lab has a legal duty under HIPAA to protect your Personal Information as a Business Associate of your Sponsor. We have put in place reasonable physical, technical, and administrative controls designed to safeguard against the unauthorized access, maintain data security, and correctly use your Personal Information. Any third-party service providers we use must undergo a vetting process and sign confidentiality agreements before we utilize them to provide the Service. Some of these security measures rely upon you. Please keep your login credentials secret, avoid public Wi-Fi networks, and log out of any shared devices. If you ever suspect a security issue with your account, contact help@namidalab.com immediately.

CHILDREN

Our Service is not directed to children. Namida Lab does not knowingly collect Personal Information from children under the age of 13 except with permission of a child’s parent or legal guardian through our caregiver account feature. If we find that we collected Personal Information from a child under the age of 13 without proper consent, we will immediately delete that Personal Information.

RIGHTS TO PERSONAL INFORMATION

You or an authorized agent, such as a parent or authorized caretaker, may request access, changes, or deletions to your Personal Information and request information about our collection, use and disclosure of such information by contacting us at help@namidalab.com. We use best efforts to keep our records as accurate and complete as possible. You can help us maintain the accuracy of your information by notifying us or your Sponsor of any changes to your Personal Information as soon as possible. Since we are a HIPAA Business Associate of your Sponsor, we may need to forward your request to your Sponsor who will ultimately decide on how to accommodate your request. Your Sponsor may fulfill your request directly or instruct us to assist in some way, and in the latter case we will coordinate with them to promptly fulfill your request. We, or your Sponsor, may require you to verify your identity before fulfilling the request such as through asking you to log into the app, providing a verification code,

answering security questions, or some other means. We may also deny your request when required by law or if the request would likely reveal Personal Information about another individual.

GENERAL

The Service may contain links or deep links to other websites, open search results, public feeds, or curated channels all of which are independent from Namida Lab. Namida Lab has no control and is not responsible for the content, privacy practices, or advertisements on third party websites or for any loss or damage incurred in connection with your use of such links or dealings with the operators of these non-Namida Lab websites. We encourage you to review the privacy statements of each third-party website. Namida Lab is not responsible for any disclosures you make to third parties regarding your Personal Information, including family members or friends.

CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time by posting a new version online and within our application. You should check this page occasionally to review any changes as well as within the settings section of our app. If we make any material changes, we will notify current users by providing notice through the Namida Lab app or via email. We may request your consent to the new terms; otherwise, your continued use of the Service, or continued provision of Personal Information to us, will be subject to the terms of the then-current Privacy Policy.

YOUR CALIFORNIA PRIVACY RIGHTS

Certain California privacy laws, including the California Consumer Privacy Act (“CCPA”) require that we provide California residents specific information about how we use their personal information.

Categories of Personal Information that We Collect, Disclose, and Sell

Below please find the categories of personal information about California residents that we collect, sell, and/or disclose to third parties or service providers for a business purpose.

Categories of personal information

Do we collect?

Do we disclose for business purposes?

Do we sell?

NAME, CONTACT INFORMATION AND IDENTIFIERS: Identifiers such as a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol (IP) address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers.

YES

YES

YES

CUSTOMER RECORDS: Paper and electronic customer records containing personal information, such as name, signature, social security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.

YES

YES

YES

PROTECTED CLASSIFICATIONS: Characteristics of protected classifications under California or federal law such as race, color, sex, age, religion, national origin, disability, citizenship status, and genetic information.

YES

YES

YES

PURCHASE HISTORY AND TENDENCIES: Commercial information, including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.

YES

YES

YES

BIOMETRIC INFORMATION: Physiological, biological or behavioral characteristics that can be used alone or in combination with each other to establish individual identity, including DNA, imagery of the iris, retina, fingerprint, face, hand, palm, vein patterns, and voice recordings, keystroke patterns or rhythms, gait patterns or rhythms, and sleep, health, or exercise data that contain identifying information.

YES

YES

YES

USAGE DATA: Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a resident’s interaction with an internet website, application, or advertisement.

YES

YES

YES

GEOLOCATION DATA: Geographic location information about a particular individual or device

YES

YES

YES

AUDIO/VISUAL: Audio, electronic, visual, thermal, olfactory, or similar information.

YES

YES

YES

EMPLOYMENT HISTORY: Professional or employment-related information.

YES

YES

YES

EDUCATION INFORMATION: Information that is not publicly available personally identifiable information as defined in the federal Family Educational Rights and Privacy Act (20 U.S.C. section 1232g, 34 C.F.R. Part 99).

YES

YES

YES

PROFILES AND INFERENCES: Inferences drawn from any of the information identified above to create a profile about a resident reflecting the resident’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

YES

YES

YES

California Consumer Rights

California law gives consumers the right to make the following requests, up to twice every 12 months:

  • • The right to request a copy of the personal information that we have collected about you in the prior 12 months.
  • • The right to request details about the categories of personal information we collect, the categories of sources, the business or commercial purposes for collecting information, and the categories of third parties with which we share information.
  • • The right to request deletion of the personal information that we have collected about you, subject to certain exemptions.
  • • The right to opt-out of sale of your personal information. To exercise your opt-out rights, please contact us at the contact information below.

The CCPA prohibits discrimination against California consumers for exercising their rights under the CCPA and imposes requirements on any financial incentives offered to California consumers related to their personal information, unless the different prices, rates, or quality of goods or services are reasonably related to the value of the consumer’s data. We do not discriminate against consumers when they exercise their CCPA rights.

CONTACT

If you have questions or suggestions about this Privacy Policy, please email Namida Lab at help@namidalab.com, call 479-334-2834, or write to us at:

Namida Lab, Inc. ATTN: Privacy Officer 1905 E Mission Blvd. Suite 6 Fayetteville, AR 72703, USA