Enzo Health

ENZO HEALTH PRIVACY POLICY

Last modified: July 10, 2024

Enzo Health Technology, Inc. ("Enzo Health" or "we" or "us") respects your privacy and is committed to protecting it through our compliance with this policy. This Privacy Policy (our "Privacy Policy") describes the information we collect, how we collect information, and the reasons we collect information. This Privacy Policy also describes the choices you have regarding the information Enzo Health collects, including how you can manage, update, or request to delete information.

Please take a moment to review this Privacy Policy. You may scroll through this Privacy Policy or use the headings below. It is important that you understand this Privacy Policy. By using our Platform, you are agreeing to the terms of this Privacy Policy. If you have any questions or concerns about this Privacy Policy, you may contact us at any time using the Contact Information at the end of this Policy.

If you do not agree with our policies and practices, your choice is to not use our Platform. By accessing or using our Platform, you agree to this Privacy Policy. This Privacy Policy may change from time to time (see Changes to Our Privacy Policy). Your continued use of our Platform after we make changes is deemed to be acceptance of those changes, so please check this Privacy Policy periodically for updates.

CONTENTS

Key Terms & Definitions and Scope of our Privacy Policy

It is helpful to start by explaining some of our key terms and definitions used in this Privacy Policy.

  • App: Our mobile or internet applications, including Enzo Clinical Summary and Enzo QA.
  • Personal Information or Personal Data: Information identifying, relating to or about an identified or identifiable individual, as described more fully in this Policy.
  • Platform: Our Websites, Apps, and related functionality and online services, as applicable.
  • Privacy Policy or Policy: This privacy policy.
  • Products: Any products available for purchase on or through our Platform, or that we otherwise provide or sell to you.
  • Services: Any services provided through our Platform, which may be for purchase at a charge, or included at no charge as part of our Platform, or that we otherwise provide or sell to you.
  • Website: Our websites located at enzo.health.
  • Enzo Health, we, us: Enzo Health.

Please refer to our Glossary for additional explanations of terms and phrases used in this Policy.

When does our Privacy Policy apply?

This Privacy Policy describes the types of information we may collect from you when you visit or use our Platform or any components of our Platform, and when we communicate with you electronically, such as through our Platform, email, text message and other electronic messages between Enzo Health and you.

When does our Privacy Policy not apply?

This Privacy Policy does not apply to information (a) we collect from you through any offline or in-person or face-to-face interactions we have with you, or through an audio-only telephone conversations; (b) by any other websites or platforms operated by us, unless the website or platform is listed above or links to this Privacy Policy; (c) collected by any third-party website that we may provide a link to or that is accessible from our Platform; or (d) covered in part or in whole by a separate privacy policy provided by us (e.g., relating specifically to health information, financial information, other special information).

What about Privacy and Use of Health Information?

Enzo Health is not a medical group or a health care provider. This Privacy Policy does not apply to health information collected from users who log-in to the password-protected and secure portions of our Platform ("Secure Platform"). All information collected and stored by us or added by Customers into such Secure Platforms is considered Protected Health Information ("PHI") and/or medical information and is governed by applicable state and federal laws that apply to that information, for example the Health Insurance Portability and Accountability Act ("HIPAA"). We will not use or disclose information collected from the Secure Platform or received from you for advertising, marketing, or other use-based data mining purposes. We will not sell any PHI.

Terms of Use.

This Privacy Policy is incorporated into and governed by our Terms of Use, which is found at enzo.health/terms, incorporated herein by reference.

Personal Information

What is Personal Information?

Personal Information is information that you provide to us which personally identifies you, such as your name, email address, or billing information, or other data that can be reasonably linked to such information by Enzo Health, such as information we associate with your Enzo Health account.

What types of Personal Information do we collect?

We collect and use Personal Information in order to operate and provide our Platform to you, including our Products and Services. You may provide Personal Information to us, and we may collect Personal Information from you automatically as you use and navigate through our Platform.

Why and How We Use Your Personal Information

As described more fully below, we use information that we collect about you or that you provide to us, including any Personal Information for the following purposes:

  • Provide our Platform and related services to you.
  • Provide you with information, Products, or Services that you request or purchase from us.
  • Process your requests, purchases, transactions, and payments and prevent transactional fraud.
  • Support, develop, troubleshoot, and debug our Platform, Products, and Services.
  • Create, maintain, customize, and secure your account with us.
  • Provide you with notices about your account, including subscription notices and reminders, and expiration and renewal notices.
  • Provide you with support for the Platform and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses.
  • Personalize your Platform experience and to deliver content and Product and Service offerings relevant to your interests.
  • Administer surveys and questionnaires.
  • Provide you information about products and services, and other information that may be of interest to you, including through newsletters.
  • Authenticate use, detect fraudulent use, and otherwise maintain the security of our Platform.
  • Help maintain the safety, security, and integrity of our Platform, Products, and Services.
  • Internal testing, research, analysis, and product development, including to develop and improve our Platform, and to develop, improve, or demonstrate our Products and Services.
  • Auditing relating to a current interaction with you and concurrent transactions, including, but not limited to, counting advertising impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance with any applicable specification and other standards.
  • Detecting security incidents, responding to, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity.
  • Debugging to identify and repair errors that impair existing intended functionality.
  • Carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection.
  • To respond to law enforcement requests, court orders, and subpoenas and to carry out our legal and contractual obligations.
  • Notify you about changes to our Platform or any Products or Services we offer or provide though it.
  • Allow you to participate in interactive features on our Platform.
  • In any other way we may describe when you provide the information.
  • Fulfill any other purpose for which you provide it.
  • For any other purpose with your consent.

Why and How We Share Your Personal Information

We share Personal Information with third parties under certain circumstances and for certain purposes described throughout this Policy, including:

  • Service providers and others to operate our Platform and Services. We share your Personal Information with our affiliates, vendors, service providers, and business partners, including providers and vendors we use for operating and maintaining our Platform, and its features, functionality and Services. These third parties include data hosting and data storage partners, analytics, technology services and support, and data security. We contractually require these third parties to keep Personal Information confidential and use it only for the purposes for which we disclose it to them.
  • Our business purposes. We may share your Personal Information with our affiliates, vendors, service providers, and business partners, including providers and vendors we use for our business activities and operations generally, such as data hosting and data storage partners, analytics, technology services and support, and data security. We may also share your Personal Information with professional advisors, such as auditors, law firms, and accounting firms.
  • Affiliates. We may share your Personal Information with our subsidiaries and affiliates.
  • Compliance with law. We may share your Personal Information to comply with applicable law or any obligations thereunder, including cooperation with law enforcement, judicial orders, subpoenas, and regulatory inquiries.
  • To enforce our rights. We may share your Personal Information to enforce our Terms of Use and any other agreement, terms, and conditions relating to your use of the Platform. We may also share information as needed to ensure the safety and security of our Platform and our users, and to detect, prevent, or otherwise address fraud, security, or technical issues.
  • To protect rights, property, and safety. We may share your Personal Information if we believe disclosure is necessary or appropriate to protect the rights, property, or safety of Enzo Health, our customers, or others. This may include exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.
  • Business transfers. We may share your Personal Information to a buyer, potential buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of a bankruptcy, liquidation, or similar proceeding, in which Personal Information held by us about our users are among the assets transferred.
  • De-identified information. We may also share de-identified information, so that it cannot be reasonably used to identify any individual, with third parties for marketing, advertising, research, or similar purposes.
  • Knowledge and consent. With your consent, pursuant to your instructions, to fulfill a purpose for which you provide your Personal Information to us, and for any other purpose disclosed by us when you provide your Personal Information.

Your Choices for How We Collect, Use and Share Your Personal Information

We provide you with various choices on how you can opt out of our certain uses and sharing of your Personal Information. As a general rule, you cannot opt out of our collection, use, and sharing of Personal Information to the extent it is necessary to provide the Platform or related basic services, features and functionality available on or through the Platform to you.

Cookies

You can change the cookie settings that will be placed when you use our Platform by changing the settings on your Internet browser. You can also block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. Please note that Internet browsers allow you to change your cookie settings. These settings are usually found in the 'options' or 'preferences' menu of your Internet browser. However, if you use your browser settings to block all cookies (including strictly necessary cookies), you may not be able to access or use all or areas and aspects of our Platform.

Messages

If you do not wish to have your email address used by Enzo Health to send you messages and content, you can opt out at any time by clicking the unsubscribe link at the bottom of any marketing emails you receive from us. You may have other options with respect to marketing and communication preferences through our Platform.

Do Not Track Signals

We do not track you over time and across third-party websites or other online services for any purpose. Some web browsers permit you to broadcast a signal to websites and online services indicating a preference that they "do not track" your online activities.

Accessing, Correcting and Deleting Personal Information

Access, Corrections and Deletion

Please contact us using the Contact Information at the end of this Policy if you have any questions regarding reviewing, accessing, correcting or deleting your Personal Information. You can also access your Personal Information on the Platform by Enzo Health. Please promptly inform us of any changes or errors in any Personal Information we have about you to ensure that it is complete, accurate, and as current as possible. You may also have certain deletion rights in accordance with applicable law. We may not be able to accommodate your request if we believe it would violate any law or legal requirement or cause the information to be incorrect.

Copies and Retention of Personal Information

Please contact us using the Contact Information at the end of this Policy if you have any questions about obtaining copies or the retention of your Personal Information. You can also access and obtain a copy some or all of your Personal Information on the Platform by Enzo Health.

Exporting Data

If you need to export or a copy of your data, please let us know and we will assist you with your request. We retain the data we collect for different periods of time depending on what it is, how we use it, and applicable legal requirements. We may retain some data for longer periods of time than other data when necessary for legitimate business or legal purposes, such as security, fraud and abuse prevention, or financial record-keeping.

Children's Privacy

Our Platform is not intended for children under 16 years of age. No one under age 16 may provide us with any Personal Information on or through the Platform. We do not knowingly collect Personal Information from children under 16. If you are under 16, do not use or provide any information on our Platform or on or through any of its features, register on the Platform, make any purchases through the Platform, use any of the interactive or public comment features of our Platform, or provide any information about yourself to us, including your name, address, telephone number, email address, or any screen name or user name you may use. If we learn we have collected or received Personal Information from a child under 16 without verification of parental consent, we will delete that information. If you believe we might have any information directly from a child under 16, please contact us using the Contact Information at the end of this Policy.

Supplemental Disclosures and Rights Based on State Law

In addition to the disclosures and rights set forth elsewhere in this Policy, you and other users may have certain rights based on applicable state law, e.g., for California residents, the California Privacy Rights Act (CPRA). Other states have passed consumer privacy laws that may be applicable to Enzo Health and your use of this Site. These supplemental disclosures and rights apply to you and your use of our Platform to the extent applicable state law applies to Enzo Health and your use of our Platform. Please contact us using the Contact Information at the end of this Policy if you have any questions regarding your rights under applicable state law.

Categories of Personal Information Collected

As described in more detail in other areas of our Privacy Policy, we collect and/or disclose Personal Information about you when you visit use our Platform, including information about you that you provide to us, and information that we automatically collect from you or your computer or device as you use our Platform.

Personal Information does not include information that is: (a) publicly available information from government records; (b) de-identified or aggregated consumer information; or (c) certain information excluded from the scope of applicable state law (e.g., PHI covered under HIPAA and medical information that may be covered under HIPAA and other state laws).

Categories of Sources From Which We Have Collected Personal Information

We collect Personal Information directly from you, for example when you provide it to us and when you contact us through our Platform; and indirectly from you automatically through your computer or device as you use our Platform. We may also collect Personal Information about you from our advertising partners and service providers.

Use of Personal Information

We do not sell your Personal Information and have not done so in the prior 12 months from the last modified date of this Policy. We may use or disclose the Personal Information we collect for our business purposes as described elsewhere in this Privacy Policy.

Sharing Personal Information

Enzo Health may disclose your Personal Information to a third party for one or more business purposes. When we disclose Personal Information for a business purpose, such as to service providers, we enter a contract that describes the purpose and requires the recipient to both keep that Personal Information confidential and not use it for any purpose except performing the contract.

Disclosures of Personal Information for Business Purposes

We may disclose your Personal Information for our business purposes, such as your contact information, other information you have provided to us, and unique identifiers that identify you to us or to our service providers. We disclose your Personal Information to certain third parties such as our vendors, business partners, and service providers.

Access Request Rights

You may have the right to request that Enzo Health disclose certain information to you about our collection and use of your Personal Information over the past 12 months for the above business and commercial purposes. To submit an access request, see Exercising Access and Deletion Rights, below. Once we receive and confirm your verifiable consumer request, we will disclose to you:

  • The categories of Personal Information we collected about you.
  • The categories of sources for the Personal Information we collected about you.
  • Our business or commercial purpose for collecting that Personal Information.
  • The categories of third parties with whom we share that Personal Information.
  • The specific pieces of Personal Information we collected about you.
  • If we disclosed your Personal Information for a business purpose, a list disclosing such disclosures, identifying the Personal Information categories that each category of recipient obtained.

Deletion Request Rights

You may have the right to request that Enzo Health delete your Personal Information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your Personal Information from our records, unless certain exceptions apply.

Exercising Access and Deletion Rights

To exercise the access and deletion rights described above, please submit a verifiable consumer request to us by either:

Only you or your legal representative authorized to act on your behalf, may make a verifiable consumer request related to your Personal Information. You may also make a verifiable consumer request on behalf of your minor child. You may only make a verifiable consumer request for access twice within a 12-month period. The verifiable consumer request must:

  • Provide sufficient information that allows us to reasonably verify whether you are the person about whom we collected Personal Information or an authorized representative of such person.
  • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

Non-Discrimination

We will not discriminate against you for exercising any of your rights under applicable state law. Unless permitted by applicable law, we will not:

  • Deny you goods or services.
  • Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
  • Provide you with a different level or quality of goods or services.
  • Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

International Users

Our Platform is not intended for use by and is not directed to residents of the European Union. All data is stored and processed in the United States. By using and accessing our site, users who reside or are located in countries outside of the United States agree and consent to the transfer to and processing of personal information on servers located outside of the country where they reside, and that the protection of such information may be different than required under the laws of their residence or location.

Data Security

Security Measures

We have implemented measures designed to secure your Personal Information from accidental loss and from unauthorized access, use, alteration, and disclosure.

The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Platform, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.

Unfortunately, the transmission of information via the Internet is not completely secure. Although we do our best to protect your Personal Information, we cannot guarantee the security of your Personal Information transmitted to our Platform. Any transmission of Personal Information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures deployed on the Platform.

Consent to Processing of Personal Information in the United States

In order to provide our Platform, Products, and Services to you, we may send and store your Personal Information outside of the country where you reside or are located, including to countries that may not or do not provide an equivalent level of protection for your Personal Information. Your Personal Information may be processed and stored in the United States, and federal, state, and local governments, courts, or law enforcement or regulatory agencies in the United States may be able to obtain disclosure of your information through the laws of the United States. By using our Platform, you represent that you have read and understood the above and hereby consent to the storage and processing of Personal Information outside the country where you reside or are located, including in the United States.

Your Personal Information is transferred by Enzo Health to another country only if it is required or permitted under applicable data protection laws and provided that there are appropriate safeguards in place to protect your Personal Information. To ensure your Personal Information is treated in accordance with this Privacy Policy when we transfer it to a third party, Enzo Health uses Data Protection Agreements between Enzo Health and all other recipients of your Personal Information.

Changes to Our Privacy Policy

We may alter this Privacy Policy at any time. It is our policy to post any changes we make to our Privacy Policy on the home page or other prominent location on the Platform. If we make material changes to how we treat our users' Personal Information, we will notify you as required or permitted by applicable law. The date this Privacy Policy was last modified is identified at the top of the page. You are responsible for ensuring we have an up-to-date active and deliverable email address for you, and for periodically visiting our Platform and this Privacy Policy to check for any changes.

YOUR CONTINUED USE OF OUR PLATFORM FOLLOWING THE POSTING OF CHANGES CONSTITUTES YOUR ACCEPTANCE TO SUCH CHANGES.

Contact Information

If you have any questions, concerns, complaints, or suggestions regarding our Privacy Policy or the ways in which we collect and use your Personal Information described in this Privacy Policy, have any requests related to your Personal Information pursuant to applicable laws, or otherwise need to contact us, please contact us using this Contact Information.

Email Address: contact@enzo.health

Phone Number: (385) 263-8566

Glossary

Browser Web Storage

Enables websites to store data in a browser on a device. When used in "local storage" mode, it enables data to be stored across sessions. This makes data retrievable even after a browser has been closed and reopened. One technology that facilitates web storage is HTML 5.

A Cookie

A small file containing a string of characters that is sent to your computer when you visit a website. When you visit the site again, the cookie allows that site to recognize your browser. Cookies may store user preferences and other information. You can configure your browser to refuse all cookies or to indicate when a cookie is being sent. However, some website features or services may not function properly without cookies.

A Pixel or Pixel Tag

A type of technology placed on a website or within the body of an email for the purpose of tracking certain activity, such as views of a website or when an email is opened. Pixel tags are often used in combination with cookies.

An Application Data Cache

A data repository on a device. It can, for example, enable a web application to run without an Internet connection and improve the performance of the application by enabling faster loading of content.

Server Logs

Like most websites, our servers automatically record the page requests made when you visit our sites. These “server logs” typically include your web request, Internet Protocol address, browser type, browser language, the date and time of your request, and one or more cookies that may uniquely identify your browser.

Session Replay

Provides the ability to replay a visitor's journey on a web site or within a mobile application or web application. Replay can include the user's view (browser or screen output), user input (keyboard and mouse inputs), and logs of network events or console logs. Session replay is used to help improve customer experience, analyze usability and help identify obstacles in conversion processes on websites. It can also be used to study a website's usability, customer behavior, interests, and the handling of customer service questions as the customer journey, with all interactions, can be replayed. It can also be used to analyze fraudulent behavior on websites.

A Unique Identifier

A string of letters, numbers and characters that can be used to uniquely identify a computer, device, browser, or app. Different identifiers vary in how permanent they are, whether they can be reset by users, and how they can be accessed. Unique Identifiers can be used for various purposes, including security and fraud detection, syncing data from your device(s) to our Platform, and remembering your preferences. You can configure your browser to refuse all cookies or to indicate when a cookie is being sent. See your browser documentation for additional information.

On other platforms besides browsers (e.g., personal devices), Unique Identifiers are used to recognize a specific device or app on that device. For example, a Unique Identifier can be used to provide relevant advertising on mobile devices and can be managed in your device's settings. Unique identifiers may also be incorporated into a device by its manufacturer (sometimes called a universally unique ID or UUID), such as the IMEI-number of a mobile phone. For example, a device's unique identifier can be used to customize our Platform and Services to your device or analyze device issues related to our Platform and Services.