mySugr GmbH
MYSUGR SERVICES CALIFORNIA SUPPLEMENTAL PRIVACY NOTICE

Version dated March 4th, 2021

This policy is reviewed at least once a year and may be amended from time to time. The applicable version of this privacy notice as amended can be viewed on our website www.mysugr.com

The California Consumer Privacy Act of 2018 (CCPA) gives California residents the right to know what personal information mySugr collects about them, including whether it is being sold or disclosed to third-parties, and the right to prevent mySugr from selling that information.

DEFINITION OF PERSONAL INFORMATION UNDER CCPA

California law defines ‘Personal Information’ to mean information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. Personal information includes, but is not limited to the categories of personal information identified below if such information identifies, relates to, describes, is capable of being associated with, or could be reasonably linked, directly or indirectly, with a particular consumer or household.

Most companies need to collect and share consumers’ Personal Information for everyday business purposes, marketing, and maintenance of the safety, security, and integrity of their websites and other assets, to comply with legal and regulatory obligations, among other reasons. This supplemental notice provides the information required under the CCPA and applies to both mySugr’s online and offline activities.

The types of Personal Information we collect and disclose depends on your relationship with mySugr. Not all of the categories listed below may apply to you. If the nature of your relationship with mySugr changes, additional categories of Personal Information may also apply. In some cases, an additional data privacy notice may apply and will be provided to you.

CCPA NOTICE ON COLLECTION OF YOUR PERSONAL INFORMATION. If you are a California resident, the following overview details how we collect, use and share your Personal Information:

• Contact Information (Details)
• Physical Characteristics or Description (Details)
• Health Insurance Data (Details)
• Commercial Information (Details)
• Transaction and Interaction Information (Details)
• Inferred and Derived Information (Details)
• Internet and Online/ Electronic Technical Information (Details)
• Audio Visual Information (Details)
• Financial information (Details)
• Health Information (Details)
• Geolocation Data (Details)
• Children’s Data (Details)
• Compliance Data (Details)
• Professional Information (Details)
• Written Signature (Details)

Contact Information

(back to overview)

---

We collect this type of information from:

• You
• Those authorized to provide on your behalf such as your caregiver or authorized representative.

We assign a customer number to you when you contact us for assistance or register a complaint.

• Third parties, such as ad delivery companies who place cookies containing advertising IDs on your devices for us.
• Healthcare providers (including specialty pharmacies).
• Health insurance companies (health plans) and other payors.
• Authorized/legal representatives, family members, and caregivers.
• Third parties who provide benefit verification, program enrollment, and product fulfillment services in connection with our products and services.
• Consumer reporting agencies and other third parties who verify the information you provide.
• Third parties who help us maintain the accuracy of our data and data aggregators that help us complete and enhance our records.
• Third parties who provide digital marketing and analytics services for us using cookies and similar technologies that contain a unique identifier, such as an advertising ID.

Data elements in this category include:

• Full name, or unique pseudonym
• Honorifics and titles, preferred form of address
• Postal address
• Email address
• Phone Number
• Contact information for related persons, such as authorized users of your account
• Company ID number [customer number, account number, subscription number, rewards program number etc.]
• System identifiers (e.g., usernames or online credentials)
• Device identifier
• Advertising ID
• Customer number
• IP address
• Social security number
• Service Request ID number
• Cookie ID

We use this type of information:

• To identify you and communicate with you
• To send transactional messages such as confirmations or responses for assistance
• To send marketing communications, surveys and invitations
• To personalize our communications and provide customer service
• To administer and manage events
• To identify you or your device, including to associate you with different devices that you may use
• For record-keeping and reporting, including for data matching
• For metrics and analytics,
• To track your use of products, services, websites, including for ad delivery and personalization
• To troubleshoot product issues
• To determine and verify program, product, and service eligibility and coverage.
• To enroll you in our programs and provide our products and services to you.
• To administer, manage, analyze, and improve our programs, products, and services.
• To procure vendor/supplier products and services, including to manage and satisfy related vendor/supplier contractual obligations.
• To analyze and better understand your needs, preferences, and interests, as well as those of other consumers.
• To conduct internal business analysis and market research.
• Advertising and product promotion, including to contact you regarding programs, products, services, and topics that may be of interest or useful.
• To engage in joint marketing initiatives.
• To administer, provide access to, monitor, and secure our information technology systems, websites, applications, databases, and devices.
• To provide access to, monitor, and secure our facilities, equipment, and other property.
• To monitor, investigate, and enforce compliance with our policies, product/service terms and conditions, and legal and regulatory requirements.
• To comply with legal and regulatory obligations.
• To identify you and your device(s) for any/all purposes identified above, including to monitor your use of and interactions with programs, products, services, and advertisements for such purposes.
• To evaluate a potential employment or contractor relationship with you.
• To perform background checks and verify past employment, educational history, and professional standing and qualifications.
• To evaluate, determine, and arrange compensation, payroll, and benefits.
• To assess your fitness for work.
• To contact you regarding your application and potential employment or contractor relationship with us.
• For our everyday business purposes.

We may disclose this type of information to our Affiliates and Service Providers and to:

• Service Providers, including to social media companies such as Facebook which use the data only to identify which of our customers use their platforms so that we can deliver ads to you on the platform
• Service providers such as companies who help manage and coordinate events
• Third parties who deliver our communications, such as the postal service and couriers
• Other third parties (including government agencies) as required by law, such as pursuant to legally binding subpoenas, court orders, and similar instruments)
• Service providers, including companies who assist with our information technology and security programs
• Third party advertising network companies, when you opt-in via our cookie banner to have such Personal Information disclosed for advertising (see Third Party Advertising below)
• Third parties who assist with fraud prevention, detection and mitigation
• Healthcare providers (including specialty pharmacies).
• Health insurance companies (health plans) and other payors.
• Authorized/legal representatives, family members, and caregivers.
• Third parties with whom we have joint marketing and similar arrangements.
• Third parties who provide benefit verification, program enrollment, and product fulfillment services in connection with our products and services.
• Payment processors, financial institutions, and others as needed to complete transactions and for authentication, security, and fraud prevention.
• Other third parties as necessary to complete transactions and provide our products/services, including delivery companies, agents, and manufacturers.
• Third parties who provide marketing and data analytics services, such as social media platforms used to deliver our ads, website/email optimization providers, email marketing vendors, and data analytics vendors..
• Consumer reporting agencies.
• Our lawyers, auditors, and consultants.
• Legal and regulatory bodies and other third parties as required by law.

Physical Characteristics or Description

(back to overview)

---

We collect this type of information from:

• You (directly from participant).
• Healthcare providers (including specialty pharmacies).
• Health insurance companies (health plans) and other payors.
• Authorized/legal representatives, family members,and caregivers.
• Third parties who provide benefit verification, program enrollment, and product fulfillment services in connection with our products and services.
• Third parties that provide access to information you make publicly available, such as social media platforms.
• Third parties who provide us with supplemental consumer data or data analytics and market research services, such as data aggregators.

Data elements in this category include:

• Height
• Weight
• Hair & eye color
• Age
• Gender
• Race and Ethnicity
• Religion
• Information concerning sexuality or sex life
• Disability
• Other

We use this type of information:

• To help manage emergency incidents that occur on campus or involve company property
• To determine and verify program, product, and service eligibility and coverage.
• To administer, manage, analyze, and improve our programs, products, and services.
• To analyze and better understand your needs, preferences, and interests, as well as those of other consumers.
• To conduct internal business analysis and market research.
• To comply with legal and regulatory obligations.
• For our everyday business purposes.

We may disclose this type of information to our Affiliates and Service Providers and to:

• Emergency personnel
• Service Providers which use the data only to assist in incident management and reporting
• Service providers, including those who help administer our call center hosting platforms and phone systems
• Healthcare providers (including specialty pharmacies).
• Health insurance companies (health plans) and other payors.
• Authorized/legal representatives, family members, and caregivers.
• Third parties with whom we have joint marketing and similar arrangements.
• Third parties who provide benefit verification, program enrollment, and product fulfillment services in connection with our products and services.
• Other third parties as necessary to complete transactions and provide our products/services.
• Our lawyers, auditors, and consultants.
• Legal and regulatory bodies and other third parties as required by law.

Health Insurance Data

(back to overview)

---

We collect this type of information from:

• You
• Healthcare providers (including specialty pharmacies).
• Health insurance companies (health plans) and other payors.
• Authorized/legal representatives, family members, and caregivers.
• Third parties who provide benefit verification, program enrollment, and product fulfillment services in connection with our products and services.

Data elements in this category include:

• Policy Number
• Reimbursement Data
• Co-pay data
• Coverage amount data
• Health values, sensor reading data (e.g. HBA1C,blood glucose, etc.)
• Subscriber identification number
• Claims history
• Co-pay data
• Benefits information

We use this type of information:

• When you utilize health tests
• For billing support
• To determine and verify program, product, and service eligibility and coverage.
• To administer, manage, analyze, and improve our programs, products, and services.
• To procure vendor/supplier products and services, including to manage and satisfy related vendor/supplier contractual obligations.
• To analyze and better understand your needs, preferences, and interests, as well as those of other consumers.
• To conduct internal business analysis and market research.
• To monitor, investigate, and enforce compliance with our policies, product/service terms and conditions, and legal and regulatory requirements.
• To comply with legal and regulatory obligations.
• For our everyday business purposes.

We may disclose this type of information to our Affiliates and Service Providers and to:

• Service Providers, including to companies assisting in program administration
• Healthcare providers (including specialty pharmacies).
• Health insurance companies (health plans) and other payors.
• Authorized/legal representatives, family members, and caregivers.
• Third parties who provide benefit verification, program enrollment, and product fulfillment services in connection with our products and services.
• Other third parties as necessary to complete transactions and provide our products/services.
• Our lawyers, auditors, and consultants.
• Legal and regulatory bodies and other third parties as required by law.

Commercial Information

(back to overview)

---

We collect this type of information from:

• You
• Third parties that provide access to information you make publicly available, such as social media.
• Third parties that provide information that helps us understand our customers, including data aggregators and public records providers.
• We may also infer information about you based on information that you have given us and your past interactions with us and other companies.
• Healthcare providers (including specialty pharmacies).
• Health insurance companies (health plans) and other payors.
• Consumer reporting agencies.
• Third parties who provide benefit verification, program enrollment, and product fulfillment services in connection with our products and services.
• Other third parties who facilitate, process, and complete transactions for us, such as resellers, sales agents, and program partners.

Data elements in this category include:

• Propensity scores obtained from third parties, such as likelihood that you may be interested in certain purchases or experiencing life events
• Products or services you have purchased
• Records of products or services purchased, obtained, or considered
• Records of program enrollment and activity

We use this type of information:

• To better understand you and to understand our customers generally
• To design products, services and programs including subscription and special offer programs
• To identify prospective customers
• For internal business purposes, such as quality control, training and analytics
• To enroll you in our programs and provide our products and services to you.
• To administer, manage, analyze, and improve our programs, products, and services.
• To communicate with you regarding our programs, products, and services.
• To procure vendor/supplier products and services, including to manage and satisfy related vendor/supplier contractual obligations.
• To analyze and better understand your needs, preferences, and interests, as well as those of other consumers.
• To conduct internal business analysis and market research.
• To engage in joint marketing initiatives.
• To monitor, investigate, and enforce compliance with our policies, product/service terms and conditions, and legal and regulatory requirements.
• To comply with legal and regulatory obligations.
• For our everyday business purposes

We may disclose this type of information to our Affiliates and Service Providers and to:

• Third parties with whom we have joint marketing and similar arrangements
• Service Providers, including companies who assist us in program administration
• Our lawyers, auditors and consultants
• Healthcare providers (including specialty pharmacies).
• Health insurance companies (health plans) and other payors.
• Authorized/legal representatives, family members, and caregivers.
• Third parties with whom we have joint marketing and similar arrangements.
• Third parties who provide benefit verification, program enrollment, and product fulfillment services in connection with our products and services.
• Payment processors, financial institutions, and others as needed to complete transactions and for authentication, security, and fraud prevention.
• Other third parties as necessary to complete transactions and provide our products/services.
• Third party network advertising partners.
• Consumer reporting agencies
• Legal and regulatory bodies and other third parties as required by law.

Transaction and Interaction Information

(back to overview)

---

We collect this type of information from:

• You
• Third parties that provide access to information you make publicly available, such as social media.
• Automatically, such as when you interact with our websites or mobile apps.

Data elements in this category include:

• Personal characteristics and preferences, such as your age range, marital and family status, shopping preferences, languages spoken
• Subscription program data
• Household demographic data
• Data from social media profiles, such as Facebook, Twitter, LinkedIn and similar platforms
• Education information
• Professional information
• Hobbies and interests

We use this type of information:

• To fulfill our business relationship with you, including customer service
• For recordkeeping and compliance, including dispute resolution
• For internal business purposes, such as finance, quality control, training, reporting and analytics
• For risk management, fraud prevention and similar purpose
• For our everyday business purposes

We may disclose this type of information to our Affiliates and Service Providers and to:

• Third parties with whom we have joint marketing and similar arrangements
• Service providers, including third parties as needed to complete the transaction, including delivery companies, agents and manufacturers
• Our lawyers, auditors and consultants
• Customers, in connection with their audits of mySugr
• Other third parties as required by law

Inferred and Derived Information

(back to overview)

---

We create inferred and derived data elements by analyzing our relationship and transactional information.

We draw inferences from the information we collect from and about you, such as your preferences, characteristics, attributes, and abilities.

Data elements in this category include:

• Propensities, attributes and/or scores generated by internal analytics programs and used for marketing
• Propensities, attributes and/or scores generated by internal analytics programs and used for information security and fraud purposes
• Preferred language
• Inferences reflecting a consumer’s wellness, health, preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes, or other inferred data.

We combine inferred data with other relationship information and use this type of information:

• To better understand you and to understand our customers generally
• To design products, services and programs that delight our customers, including subscription programs
• To identify prospective customers
• For internal business purposes, such as quality control, training and analytics
• To administer, manage, analyze, and improve our programs, products, and services
• To analyze and better understand your needs, preferences, and interests, as well as those of other consumers.
• For advertising and product promotion, including to contact you regarding programs, products, services, and topics that may be of interest or useful.
• To engage in joint marketing initiatives.
• To administer, provide access to, monitor, and secure our information technology systems, websites, applications, databases, and devices.
• To comply with legal and regulatory obligations
• For our everyday business purposes

We may disclose this type of information to our Affiliates and Service Providers and to:

• Service providers, including those who analyze data on our behalf and who help execute programs
• Our lawyers, auditors and consultants
• Third parties with whom we have joint marketing and similar arrangements
• Legal and regulatory bodies and other third parties as required by law.

Internet and Online/ Electronic Technical Information

(back to overview)

---

We collect this type of information from:

• You and from your computer or devices when you interact with our platforms, websites and applications. For example, when you visit our websites, our server logs record your IP address and other information.
• Automatically, via technologies such as cookies, web beacons, when you visit our website or other websites.
• Third parties, including computer security services and advertising partners We also associate information with you using unique identifiers collected from your devices or browsers.
• Third parties who provide website and online security services.

Data elements in this category include:

• IP Address
• MAC Address, SSIDs or other device identifiers or persistent identifiers
• Online user ID
• Password
• Device characteristics (such as browser information)
• Web Server Logs
• Application Logs
• Browsing and search history
• Viewing Data (site and app usage)
• First Party Cookies
• Third Party Cookies
• Web beacons, clear gifs and pixel tags
• Internet service provider
• Referring/exiting URL
• Request/response date and time
• Clickstream data
• Ads and web pages viewed
• Time spent on a web page or mobile app
• Other information regarding your interactions with our websites, applications, emails, and advertisements

We use this type of information:

• For system administration, technology management, including optimizing our websites and applications,
• For information security and cybersecurity purposes, including detecting threats
• For recordkeeping, including logs and records that are maintained as part of Transaction Information
• To better understand our customers and prospective customers and to enhance our Relationship Information, including by associating you with different devices and browsers that they may use
• For online targeting and advertising purposes subject to choices made via the Cookie Banner
• To administer, manage, analyze, and improve our programs, products, and services.
• To conduct internal business analysis and market research.
• For advertising and product promotion, including to contact you regarding programs, products, services, and topics that may be of interest or useful.
• To engage in joint marketing initiatives.
• To administer, provide access to, monitor, and secure our information technology systems, websites, applications, databases, and devices.
• To monitor, investigate, and enforce compliance with our policies, product/service terms and conditions, and legal and regulatory requirements.
• To comply with legal and regulatory obligations.
• To identify you and your device(s) for any/all purposes identified above, including to monitor your use of and interactions with programs, products, services, and advertisements for such purposes
• For our everyday business purposes

We may disclose this type of information to our Affiliates and Service Providers and to:

• Service providers including companies who assist with our information technology and security programs, including companies such as network security services who retain information on malware threats detected
• Service providers who assist with fraud prevention, detection and mitigation
• Third party advertising network companies, when you opt-in via our cookie banner to have such Personal Information disclosed for advertising (see Third Party Advertising below)
• Our lawyers, auditors and consultants
• Third parties who provide marketing and data analytics services, such as social media platforms used to deliver our ads, website/email optimization providers, email marketing vendors, and data analytics vendors.
• Legal and regulatory bodies and other third parties as required by law

Audio Visual Information

(back to overview)

---

We collect this type of information from:

• You
• Automatically, such as when we record calls to our call center and use CCTV cameras in our facilities.
• Companies conducting non-clinical research such as market research companies.
• Third parties that provide access to information you make publicly available, such as social media.

Data elements in this category include:

• Photographs
• Video images,
• CCTV recordings
• Call center recordings and call monitoring records

We use this type of information:

• For internal business purposes, such as call recordings used for training, coaching or quality control
• For relationship purposes, such as use of photos and videos for social media purposes
• For premises security purposes and loss prevention
• For our everyday business purposes

We may disclose this type of information to our Affiliates and Service Providers and to:

• Service providers, including companies who assist with our information technology and security programs, and our loss prevention programs
• Service providers, including companies who conduct market research on our behalf
• Our lawyers, auditors and consultants
• Other third parties as required by law

Financial information

(back to overview)

---

We collect this type of information from:

• You
• Payment processors and other financial institutions.
• Healthcare providers (including specialty pharmacies).
• Health insurance companies (health plans) and other payors.
• Authorized/legal representatives, family members, and caregivers.
• Third parties who provide benefit verification, program enrollment, and product fulfillment services in connection with our products and services.
• Third parties who assist with fraud prevention, detection, and mitigation.

Data elements in this category include:

• Bank account number and details (if you use automated payments)
• Payment card information
• Debit or credit card number
• Bank account number and routing information
• Payment and reimbursement amounts

We use this type of information:

• To fulfill our business relationship with you, including processing payments, issuing refunds and collections
• For recordkeeping and compliance, including dispute resolution
• For internal business purposes, such as finance, audits, training, reporting and analytics
• For risk management, fraud prevention and similar purpose
• To determine and verify program, product, and service eligibility and coverage.
• To enroll you in our programs and provide our products and services to you.
• To administer, manage, analyze, and improve our programs, products, and services.
• Reimburse customers, satisfy warranty obligations, and fulfill payment obligations.
• To procure vendor/supplier products and services, including to manage and satisfy related vendor/supplier contractual obligations.
• To monitor, investigate, and enforce compliance with our policies, product/service terms and conditions, and legal and regulatory requirements.
• To comply with legal and regulatory obligations
• For our everyday business purposes

We may disclose this type of information to our Affiliates and Service Providers and to:

• Service providers, including payment processors, financial institutions and others as needed to complete the transactions and for authentication, security and fraud prevention
• Our lawyers, auditors and consultants
• Customers, in connection with their audits of mySugr
• Healthcare providers (including specialty pharmacies).
• Health insurance companies (health plans) and other payors.
• Authorized/legal representatives, family members, and caregivers.
• Third parties who provide benefit verification, program enrollment, and product fulfillment services in connection with our products and services.
• Payment processors, financial institutions, and others as needed to complete transactions and for authentication, security, and fraud prevention.
• Other third parties as necessary to complete transactions and provide our products/services.
• Consumer reporting agencies.
• Legal and regulatory bodies and other third parties as required by law

Health Information

(back to overview)

---

We collect this type of information from:

• You
• Healthcare providers
• Health insurance companies We may infer health information about you based on other information, including and lifestyle factors.
• Healthcare providers (including specialty pharmacies).
• Authorized/legal representatives, family members,and caregivers.
• Third parties who provide benefit verification, program enrollment, and product fulfillment services in connection with our products and services

Data elements in this category include:

• Information about physical or mental health, disease state, medical history or medical treatment or diagnosis, medicines taken
• Name/Contact of a patient’s healthcare providers
• General disease or product interest
• Health insurance company
• Insurance account number
• Information on payment for healthcare services [EOB forms, HSA statements. claims data, claims assistance records)
• Health plan beneficiary names/numbers
• Information needed to accommodate disabilities
• Information about workplace accidents and occupational safety
• Medical record information, such as medical diagnosis, disease information, and treatment history
• Health values and sensor readings data, such as steps taken, blood glucose levels, heart rate, and blood pressure
• Drug allergies
• Prescriptions and dosing
• Medical appointment dates

We use this type of information:

• To determine and verify program, product, and service eligibility and coverage.
• To enroll you in our programs and provide our products and services to you.
• To administer, manage, analyze, and improve our programs, products, and services.
• To procure vendor/supplier products and services, including to manage and satisfy related vendor/supplier contractual obligations.
• To analyze and better understand your needs, preferences, and interests, as well as those of other consumers.
• To conduct internal business analysis and market research.
• To monitor, investigate, and enforce compliance with our policies, product/service terms and conditions, and legal and regulatory requirements.
• To comply with legal and regulatory obligations
• For our everyday business purposes.

We may disclose this type of information to our Affiliates and Service Providers and to:

• Healthcare providers (including specialty pharmacies), health insurance companies (health plans), other payors and others as needed to provide the contemplated services or transactions involving the data, such as for processing health care payments
• Our lawyers, auditors and consultants.
• Other third parties as permitted by HIPAA and/or CMIA for treatment, payment and authorization.
• Authorized/legal representatives, family members, and caregivers.
• Third parties who provide benefit verification, program enrollment, and product fulfillment services in connection with our products and services.
• Other third parties as necessary to complete transactions and provide our products/services.
• Legal and regulatory bodies and other third parties as required by law.

Electronic and Sensor Data

(back to overview)

---

We collect this type of information automatically when you use our internet-enabled products such as mobile apps and connected devices from:

• You (directly from the participant).
• When you contact or visit us (automatically), such as when we record calls to our call center or use CCTV cameras in our facilities.
• Your mobile devices and other internet-connected devices and applications (automatically).
• Third parties that provide access to information you make publicly available, such as social media platforms.

Data elements in this category include:

• Smart device records
• IoT products
• Health values and sensor readings data, such as steps taken, blood glucose levels, heart rate, and blood pressure
• Recording of a customer service call
• Recording from a CCTV camera in our facilities

We use this type of information:

• To enable product functionality
• For internal business purposes, such product development, security, and quality control
• To administer,manage, analyze, and improve our programs, products, and services.
• To analyze and better understand your needs, preferences, and interests, as well as those of other consumers.
• To administer, provide access to, monitor, and secure our information technology systems, websites, applications, databases, and devices.
• To monitor, investigate, and enforce compliance with our policies, product/service terms and conditions, and legal and regulatory requirements.
• To provide access to, monitor, and secure our facilities, equipment, and other property.
• To comply with legal and regulatory obligations.
• To identify you and your device(s) for any/all purposes identified above, including to monitor your use of and interactions with programs, products, services, and advertisements for such purposes
• For our everyday business purposes

We may disclose this type of information to our Affiliates and Service Providers and to:

• Service providers, including companies who assist with our information technology and security programs, including network security services and cybersecurity
• Service providers, including companies who assist with fraud prevention, detection and mitigation
• Third party network advertising partners
• Our lawyers, auditors and consultants
• Healthcare providers (including specialty pharmacies), health insurance companies (health plans), other payors and others as needed to provide the contemplated services or transactions involving the data, such as for processing health care payments
• Authorized/legal representatives, family members, and caregivers.
• Third parties who provide benefit verification, program enrollment, and product fulfillment services in connection with our products and services.
• Third parties who provide marketing and data analytics services, such as social media platforms used to deliver our ads, website/email optimization providers, email marketing vendors, and data analytics vendors.
• Third parties who assist with our information technology and security programs.
• Third parties who assist with fraud prevention, detection, and mitigation.
• Other third parties as necessary to complete transactions and provide our products/services.
• Other third parties as required by law

Geolocation Data

(back to overview)

---

We collect this type of information automatically from your mobile device and computer when you visit or interact with our websites, applications, and online platforms.

Data elements in this category include:

• Precise location data
• Geofencing data

We use this type of information:

• Provide the information, products or services requested
• For information security and fraud prevention
• For our Everyday Business Purposes
• To administer, manage, analyze, and improve our programs, products, and services.
• To conduct internal business analysis and market research.
• For advertising and product promotion, including to contact you regarding programs, products, services, and topics that may be of interest or useful.
• To administer, provide access to, monitor, and secure our information technology systems, websites, applications, databases, and devices.
• To monitor, investigate, and enforce compliance with our policies, product/service terms and conditions, and legal and regulatory requirements.
• To comply with legal and regulatory obligations

We may disclose this type of information to our Affiliates and Service Providers and to:

• Third parties who assist with our information technology and security programs
• Third parties who assist with fraud prevention, detection and mitigation
• Our lawyers, auditors and consultants
• Third parties who provide marketing and data analytics services, such as social media platforms used to deliver our ads, website/email optimization providers, email marketing vendors, and data analytics vendors.
• Legal and regulatory bodies and other third parties as required by law.

Children’s Data

(back to overview)

---

We collect this type of information from children when they use our apps and from parents or guardians. This is done in accordance with applicable laws.

Data elements in this category include:

• Child’s name
• Child’s age
• Product usage data
• Health information

We use this type of information:

• To provide the information, products or services requested by the child or by the child’s parent or guardian
• So that we know who is visiting our facilities
• For our everyday business purposes

We may disclose this type of information to our Affiliates and Service Providers and to:

• Service providers, including those who help administer our call center hosting platforms and phone systems
• Service providers who host our websites and mobile apps
• Other third parties as required by law
• Our lawyers, auditors and consultants

Compliance Data

(back to overview)

---

We collect this type of information from:

• You
• Third parties, including companies that help us conduct internal investigations.
• Third parties, such as consumer reporting agencies and data aggregators who conduct background screening for us.

Data elements in this category include:

• Compliance program data, including customer screening records, and other records maintained to demonstrate compliance with applicable laws, such as tax laws, ADA, et al.
• Occupational and environmental safety records
• Records relating to complaints and internal investigations, including compliance hotline reports
• Records of privacy and security incidents , including any security breach notifications

We use this type of information:

• To comply with and demonstrate compliance with applicable laws
• For legal matters, including litigation and regulatory matters, including for use in connection with civil, criminal, administrative, or arbitral proceedings, r before regulatory or self-regulatory bodies, including service of process, investigations in anticipation of litigation, execution or enforcement of judgments and orders
• For internal business purposes, such as risk management, audit, internal investigations, reporting, analytics
• For our everyday business purposes

We may disclose this type of information to our Affiliates and Service Providers and to:

• Our lawyers, auditors and consultants.
• Customers, in connection with their audits of mySugr
• Other third parties (including government agencies, courts and opposing law firms, consultants, process servers and parties to litigation) in connection with legal matters

Professional Information

(back to overview)

---

We collect this type of information from:

• You (directly from participant).

Data elements in this category include:

• Employer and job title
• Information included in a patient’s IRS 1040 form

We use this type of information:

• To determine and verify program, product, and service eligibility and coverage.
• To conduct internal business analysis and market research.
• To comply with legal and regulatory obligations
• For our everyday business purposes.

We may disclose this type of information to our Affiliates and Service Providers and to:

• Third parties who provide benefit verification, program enrollment, and product fulfillment services in connection with our products and services.
• Our lawyers, auditors, and consultants.
• Legal and regulatory bodies and other third parties as required by law

Written Signature

(back to overview)

---

We collect this type of information from:

• You (directly from participant).
• Healthcare providers (including specialty pharmacies).
• Health insurance companies (health plans) and other payors.
• Authorized/legal representatives, family members, and caregivers.
• Third parties who provide benefit verification, program enrollment, and product fulfillment services in connection with our products and services.

Data elements in this category include:

• Your signature on a patient consent form or program enrollment form

We use this type of information:

• To determine and verify program, product, and service eligibility and coverage.
• To enroll you in our programs and provide our products and services to you.
• To procure vendor/supplier products and services, including to manage and satisfy related vendor/supplier contractual obligations.
• To engage in joint marketing initiatives.
• To monitor, investigate, and enforce compliance with our policies, product/service terms and conditions, and legal and regulatory requirements.
• To comply with legal and regulatory obligations
• For our everyday business purposes.

We may disclose this type of information to our Affiliates and Service Providers and to:

• Healthcare providers (including specialty pharmacies), health insurance companies (health plans), other payors and others as needed to provide the contemplated services or transactions involving the data, such as for processing health care payments
• Authorized/legal representatives, family members, and caregivers.
• Third parties with whom we have joint marketing and similar arrangements.
• Payment processors, financial institutions, and others as needed to complete transactions and for authentication, security, and fraud prevention.
• Other third parties as necessary to complete transactions and provide our products/services.
• Our lawyers, auditors, and consultants.
• Legal and regulatory bodies and other third parties as required by law.

Your Rights Under CCPA. In addition, California residents have certain rights with respect to mySugr’s use and disclosure of personal information about California consumers. The exercise of these rights is free of charge:

Right of Access | Right to Notice. If you are a California resident, you have the right to request that mySugr discloses to you the categories of personal information we have collected about you, the categories of sources from which the Personal Information is collected, the business purpose or commercial purpose for collecting or selling Personal Information, the categories of third parties with whom we share Personal Information, the categories of Personal Information we have disclosed about you for a business purpose. You also have the right to request that we provide you with a copy of the specific pieces of Personal Information we have collected about you in the preceding 12 months.

Right to Deletion. If you are a California resident, you have the right to request that mySugr deletes the Personal Information we collect from you. However, in certain situations we are not required to delete your Personal Information, such as when the information is necessary in order to complete the transaction for which the personal information was collected, to provide a good or service requested by you, to comply with a legal obligation, to engage in research, to secure our websites or other online services, or to otherwise use your Personal Information internally in a lawful manner that is compatible with the context in which you provided the information.

Right Not to Be Subject to Discrimination. mySugr shall not discriminate against a consumer because the consumer exercised any of the consumer’s California rights described above.

To exercise any of the rights described above, you can:

• Email us at privacy@mysugr.com

THANK YOU FOR YOUR CONFIDENCE IN US!