Privacy Policy

We do not consider personal information to include information that can no longer be used to identify a specific natural person, whether in combination with other information or otherwise such as, forexample, de-identified or aggregated consumer information.

3. SECURING YOUR INFORMATION

‍We implement and maintain reasonable and appropriate technical and electronic safeguards to protect the security of your personal information from loss, misuse, unauthorized access, disclosure, alteration, or destruction. While we implement these security measures to protect your data, it is important to understand that no online platform can guarantee absolute security. Therefore, we encourage you to take necessary, best-practice security precautions such as strong, unique passwords and being cautious with the sharing of login credentials. Where we have given you (or where you have chosen) a password for access to certain parts of our Platform, you are responsible for keeping this password confidential. You should not share your password with anyone. Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to the Platform. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Platform. In the event of a data breach or security incident, we will take immediate action to isolate and resolve the incident based on our incident response resolution procedures, notify relevant authorities, and inform affected data subjects in compliance with applicable data protection laws.

4. HOW WE USE YOUR INFORMATION

‍In addition to, and consistent with, the uses and sharing as described in this Policy or, if not described in this Policy, with your consent prior to such processing taking place, the Company may use your personal information as described below:

● We may disclose information when required to do so by law.
‍
● We use your personal information to manage your account, including account setup, verification, and maintenance. This ensures the security and functionality of your account on our Platform.
‍
● To fulfill or meet the reason you provided the information. For example, if you register on our portal to receive a screening kit, we will use your information to ship the kit to your address or providing access to our online portal and customer service. If you enroll in our remote monitoring services, we will use your information to facilitate device setup,collect and transmit your health readings (such as blood pressure data), communicate your monitoring data to authorized healthcare professionals, and provide you with monitoring results and related communications. In addition, we will communicate this information to our third-party laboratory processing your kit, to remote monitoring device and technology providers facilitating the collection and transmission of your health data, and we disclose your PHI to authorized healthcare professionals who order tests, oversee your remote monitoring program, or need access to your test or monitoring results for treatment purposes.
‍
● We may provide your PHI to other companies orindividuals that need it to provide services to us. These other entities, known as "business associates," are required to maintain the privacy and security of PHI. For example, our business associates may use your PHI to conduct shipping or record storage services on our behalf.
‍
● We may use your contact information to communicate with you. This includes sending transactional emails, emails or notifications related to your test kit, monitoring data, or results, service updates, and responding to your inquiries or requests. We may also use your contact information for marketing purposes, such as sending newsletters or promotional offers if you have provided your consent or if we have a legitimate interest in doing so.

● Your information allows us to provide customer support when you have questions or encounter issues with our services. This may include troubleshooting, resolving complaints, and addressing your concerns.

● We analyze your data to understand how our services are used and to make improvements. This includes enhancing the user experience and developing new products.

● We may also provide PHI to law enforcement officials, for example, in response to a warrant, investigative demand or similar legal process, or for officials to identify or locate a suspect, fugitive, material witness, or missing person. We may disclose your PHI as required to comply with a court or administrative order. We may disclose yourPHI in response to a subpoena, discovery request or other legal process in thecourse of a judicial or administrative proceeding, but only if efforts havebeen made to tell you about the request or to obtain an order of protection forthe requested information.

● For workers’ compensation as authorized by, or tothe extent necessary to comply with, state workers compensation laws that govern job-related injuries or illness.

● For public health activities such as reporting or preventing disease outbreaks to a public health authority.  We may also disclose your information to the applicable regulatory agencies related to safety or quality issues, adverse events or for facilitating a recall.

● If you are a client or business partner, we may use your personal information to fulfill our contractual obligations, including managing contracts, invoicing, and providing support as agreed upon in ourbusiness relationship.

● We use your information to protect against fraud, unauthorized access, and other security risks. This may include monitoring account activities and implementing security measures. The lawful basis for this processing is legitimate interests to ensure the security and integrity of our services.

● We may aggregate and anonymize your data to create statistical or research reports, which do not personally identify you. This information may be used for business analysis, marketing, and sharing with partners or clients. These reports may also be used to fulfill our contractual obligations.

● We may use your PHI to create “de-identified”information, which means that we remove information that can be used to identify you. There are specific rules under the law about what type of information needs to be removed before information is considered de-identified. Once information has been de-identified as required by law, it is no longer PHI and we may use it for any lawful purpose.

● In addition to the purposes listed above, we may use your personal information for other legitimate purposes, provided that they are compatible with the original reasons for which your data was collected. For these other purposes, we will rely on legitimate interests or other lawful bases as required by applicable laws. 

‍5. ADDITIONAL RESTRICTIONS ON USE AND DISCLOSURE.   

‍Certain federal and state laws may require special privacy protections that restrict the use and disclosure of certain health information, including highly confidential information about you. Such laws may protect the following types of information:

●      HIV/AIDS

●      Sexually Transmitted Diseases

If a use or disclosure of health information described above in this notice is prohibited or materially limited by other laws that apply to us, it is our intent to meet the requirements of the more stringent law.  For example, if a state law provides you with greater access to your health information, we will follow it. Except for uses and disclosures described and limited as set forth in this Policy, we will use and disclose your health information only with a written authorization from you. Once you give us authorization to release your health information, we cannot guarantee that the recipient to whom the information is provided will not disclose the information. You may take back or "revoke" your written authorization at any time in writing, except if we have already acted based on your authorization. To revoke anauthorization, use the contact information below. 

6. USE OF EMAIL AND TEXT 

‍If your account settings allow for receiving email communication or text messages from us or if you initiate communication with us via email or text, we may respond to the email or text message address we have on file for you or to the same email address or text phone number from which you send your email or text to us. You should understand that there are certain risks associated with the use of email or text. It may not be secure, which means it could be intercepted and seen by others. By providing your phone number and opting in to receive communications, you consent to receive recurring marketing and non-marketing text messages (SMS and MMS) from the company. Message frequency may vary. These messages may include updates, promotional offers, account notifications, and other information related to your use of our services. Message and data rates may apply. Reply STOP to unsubscribe from SMS messages. For help, contact us per below. Consent is not a condition of any use. You may still use our services without agreeing to receive text messages and you can opt out at any time. 

7. INFORMATION COLLECTED THROUGH REMOTE MONITORING DEVICES

‍If you enroll in our remote monitoring services, we may collect health and physiological data through connected monitoring devices (such as blood pressure cuffs or other medical devices) and associated mobile or web applications. This data may include, without limitation, blood pressure readings, heart rate, pulse, and other vital signsor physiological measurements, as well as the date, time, and frequency of each reading and device identifiers. This data is collected automatically by the monitoring device and transmitted to our Platform through the associated application or connectivity features of the device. We use this data to provide the remote monitoring services, share your health data with authorized healthcare professionals overseeing your care, generate reports and alerts, fulfill our contractual obligations to our customers, and as otherwise described in this Privacy Policy.We take reasonable measures to protect monitoring data during transmission and storage, including the use of encryption and access controls. You are responsible for maintaining the security of your monitoring device and any associated application credentials. If you believe your monitoring device or account has been compromised, please contact us immediately at privacy@poweredbyash.com. Remote monitoring data that constitutes PHI is subject to the same protections, rights, and restrictions described elsewhere in this Privacy Policy, including your rights under Section 12 (Your Patient Rights).

‍8. AUTOMATICALLY COLLECTED INFORMATION‍

We may also collect certain information automatically when you visit our Platform or use our services, such as your IP address, browser type, and usage data.

‍9. INFORMATION FROM OTHER SOURCES‍

We may receive personal data about you from other sources to supplement data already collected. This may include publicly available data or data provided by third parties. We may combine this data with the data we already have.  We will handle this data in accordance with this Privacy Policy and the purposes outlined when the data was collected. We will notify you if there are any material changes to the way we intend to use this data. Please note that we are not responsible for the accuracy of the data provided by third parties or any consequences arising from the use of such data.

‍10. DATA SHARING

‍We will not share your personal information with third-parties, unless explicitly authorized to do so or outlined in this Policy. Please note that when your personal information is shared with an authorized third-party, the information received by that third-party is controlled by that company and therefore becomes subject to that company’s Privacy Policy. We may share your personal information with the following:

Service Providers: We may share your personal information with third-party service providers who assist us in delivering our products and services. These service providers include third-party fulfillment companies, shipping and delivery companies, provider networks, partner laboratories, and remote monitoring technology providers. We will only share the necessary data to fulfill their specific tasks and will have contracts or agreements in place to ensure they process your data securely. The lawful basis for sharing data with service providers is typically the necessity for the performance of a contract or, in some cases, legitimate interests, provided that these interests are not overridden by your data protection rights.  

Laboratory Testing, Remote Monitoring, and Clinician Services: If you utilize our test kits or remote monitoring services, we will use your information for laboratory testing services, remote patient monitoring services, or clinician oversight services, and your personal information will be transmitted to the applicable laboratory, remote monitoring technology provider, or healthcare provider.

Business Partners: In some cases, we may share personal information with our business partners and affiliates, but only when it is necessary for the performance of a contract, the provision of services, or as part of a legitimate business interest. For example, we may share data with a partner organization involved in co-branded events or services. Sharing data with business partners and affiliates may be necessary for the performance of a contract or based on legitimate interests, especially when these partnerships are essential for delivering integrated or co-branded services.

Legal Authorities: We may be required to share personal information with legal authorities, regulatory bodies, or law enforcement agencies when necessary to comply with legal obligations or respond to valid requests for information, as permitted by law. The lawful basis for sharing with legal authorities is the necessity to comply with a legal obligation. Under certain circumstances, your personal information may be subject to processing pursuant to laws, regulations, judicial or other government subpoenas, warrants, or orders.

Merger or Acquisition: In the event of a merger, acquisition, or sale of all or part of our business, the sharing of personal information with the acquiring entity orparties involved in the transaction may be based on legitimate interests, as it's necessary for the legitimate interests pursued by us or the acquiring entity. We will ensure that your data remains protected and used in accordance with this Policy.  To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution or sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation or similar proceeding, in which personal information held by us about our Platform and/or services is among the assets transferred, and you agree to and do hereby consent to our assignment or transfer of rights to your personal information.

Other Legitimate Business Interests: In certain cases, we may share personal information with other parties for legitimate business interests. The sharing of this personal information may be based on legitimate interests. We will always ensure that such sharing is conducted in accordance with applicable data protection laws and respect your rights.

Sharing of Website Tracking Data: Our websites, like almost all other websites, use cookies and other technologies to make the website work as you expect and to collect and share information.

Integration of Third-Party Platform, Services and Websites: The Platform may be linked to, rely on and be integrated with websites, applications, interfaces, services and websites or platforms operated by other companies, including third-party services and clients. We are not responsible for the privacy practices of such websites, applications, interfaces, services and platforms operated by third parties that are linked to, rely on and/or integrated with the Platform. Once you leave the Platform via a link, access a third-party service, you should check applicable privacy policies to determine, among other things, how related companies process personal information they may collect about you. This Policy applies solely to information collected by the Company.

‍11. NOTICE TO RESIDENTS OF CALIFORNIA, COLORADO, CONNECTICUT, MONTANA, OREGON, TEXAS, UTAH AND VIRGINIA OR WHERE REQUIRED BY APPLICABLE LAW

‍CCPA. This sectionsupplements the information contained in the Policy and applies solely tousers, and others who reside in California to the extent required under theCalifornia Consumer Privacy Act (as amended by the California Privacy RightsAct) (the “CCPA”) and to other, certain U.S. State residents to the extentrequired under such U.S. State’s applicable law. The CCPA sets forth certainobligations for businesses that “sell” personal information. Based on thedefinition of sell under CCPA and under current regulatory guidance, we do notengage in such activity and have not engaged in such activity in the pasttwelve months. We do not allow third parties to advertise to users on ourPlatform, unless you provide consent, which is not requested in this Policy.

California’s Shine the Light Statute. A California resident who has provided personal information to abusiness with whom he/she has established a business relationship for personal, family, or household purposes (a “California Customer”) may request information under the California Civil Code Section 1798.83 (California’s Shine the LightStatute) about whether the business has disclosed personal information to any third parties for the third parties' direct marketing purposes. In general, if the business has made such a disclosure of personal information, upon receiptof a request by a California Customer, the business is required to provide alist of all third parties to whom personal information was disclosed in the preceding calendar year, as well as a list of the categories of personal information that were disclosed. California Customers may request further information about our compliance with this law by contacting us at any of the following:

‍Mail: Attn: Privacy Officer, Ash Wellness,Inc., at 147 W 26th St, Floor 2, New York, NY 10001
Email: privacy@poweredbyash.com
Phone Number: +1 (956) 948-3769

Please note that we are only required to respond to one request per California Customer each year under Code Section1798.83.

Rights Under State Consumer Privacy Laws. Residents of the states of California, Colorado, Connecticut, Montana, Oregon, Texas, Utah, or Virginia have certain rights described herein. If you are a resident of one of these states (“Applicable Residents”), you may exercise your privacy rights where these are applicable to you at any time, by contacting us at any of the following:

Mail: Attn: Privacy Officer, Ash Wellness,Inc., at 147 W 26th St, Floor 2, New York, NY 10001
Email: privacy@poweredbyash.com
Phone Number: +1 (956) 948-3769 

This section describes practices regarding the collection, use, disclosure, and sale of “personal information” and the rights of Applicable Residents regarding their personal information under the applicable state consumer privacy laws in the United States (“Applicable State Data Protection Law”). This section applies to Applicable Residents who are considered a “Consumer” or an equivalent term under the Applicable State Data Protection Law. The section does not apply to information that is exempt from an Applicable State Data Protection Law. For example, Applicable State Data Protection Laws do not apply to information that is already protected by certain other laws such as HIPAA, to information that is already publicly available from governmental sources, or to de-identified or aggregated consumer information.

A. You Have a Right to Know. Applicable Residents have the right to request that we disclose what Personal Information we collect, use, and disclose. This is called the "Right to Know". Under the Right to Know, you can request a listing of the types of Personal Information we have collected about you, the sources of that information, how we use the information (e.g., our business or commercial purposes for collecting, or selling Personal Information), other individuals and businesses with whom we share Personal Information, and the specific pieces of Personal Information that we have collected about you. If you would like to make a request under your Right to Know, you may request this throughcompliance@poweredbyash.com or by calling +1 (956)948-3769. When you make a request under your Right to Know, you can expect the following:

● We will verify your identity. We will verify your identity using the following process: Our customer care team will ask questions based upon information that you previously have provided. Where possible, wewill use information we already hold about you in order to confirm that you are who you say you are.

● We will confirm our receipt of your request within10 days. If you have not received a response within a few days after that, please let us know by contacting us at privacy@poweredbyash.com or by calling +1 (956) 948-3769.

● We will respond to your request within 45 days ofreceipt of the request, if possible. If necessary, we may need an additional period of time, up to another 45 days, but we will reply either way within the first 45-day period and, if we need an extension, we will explain why.

In certain cases, a Right to Know request maybe denied. For example, if we cannot verify your identity or if providing you the information could create an unreasonable risk to someone's security (for example, we do not want very sensitive information disclosed inappropriately). If we deny your request, we will explain why we denied it. If we deny a request, we will still try to provide you as much of the information as we can, but we will withhold the information subject to denial.

B. The Right to Access. Applicable Residents have the right to request that we provide a portable copy of the personal information we collect, use, disclose, and sell. You can request a listing of the types of personal information we have collected about you, the sources of that information, how we use the information (e.g., our business or commercial purposes for collecting or selling personal information), other individuals and business with whom we share personal information, and the specific pieces of personal information that we have collected about you. If you would like to make a request under your Right to Access, you may request this throughprivacy@poweredbyash.com or by calling+1 (956) 948-3769. When you make a request for a portable copy of your information, you can expect the following:

● We will verify your identity based upon information that you previously have provided. Where possible, we will use information we already hold about you in order to confirm that you are who you say you are.

● We will confirm our receipt of your request within10 days. If you have not received a response within a few days after that, please let us know by contacting us at the webpage or phone number listed above.

● We will respond to your request within 45 days of receipt of the request, if possible. If necessary, we may need an additional period of time, up to another 45 days, but we will reply either way within the first 45-day period and, if we need an extension, we will explain why.

●     In certain cases, a request for access may be denied, for example, if we cannot verify your identity. If we deny your request, we will explain why we denied it. 

‍C. You have a Right to Request Deletion. Applicable residents have a right to request the deletion of their Personal Information collected or maintained by us, subject to certain limitations. If you would like information about you to be deleted, you may request deletion through privacy@poweredbyash.com or by calling +1 (956) 948-3769. When you make a request for deletion, you can expect the following:

●  After you submit a request deletion, you will needto confirm that you want your information deleted.

●  We will verify your identity based upon information that you previously have provided. Where possible, we will use information we already hold about you in order to confirm that you are who you say you are.

● We will confirm our receipt of your request within 10 days. If you have not received a response within a few days after that, please let us know by contacting us at the webpage or phone number listed below. We will respond to your request within 45 days of receipt of the request, if possible. If necessary, we may need an additional period of time, up to another 45 days, but we will reply either way within the first 45-day period and, if we need an extension, we will explain why. In certain cases, a request for deletion may be denied, for example, if we cannot verify your identity, the law requires that we maintain the information (e.g., in case of certain tests) or if we need the information for internal purposes such as ongoing research.

● If we deny your request, we will explain why we denied it, treat your request as an "opt-out" of the sale of information (as described in our Notice of Right to Opt-Out), and delete any other information that is not protected from deletion. 

D. You may have a Right to Request the Correction. Applicable residents other than in Utah also have the right to request the correction of inaccurate Personal information collected or maintained by us. If you would like information about you to be corrected, you may request correction through the contact information at privacy@poweredbyash.com or by calling +1 (956) 948-3769. When you make a request for correction, you can expect the following:

● After you submit a request for correction, you willneed to confirm what information is incorrect and requires correction. We willverify your identity based upon information that you previously have provided.Where possible, we will use information we already hold about you in order toconfirm that you are who you say you are.

● We will confirm our receipt of your request within10 days. If you have not received a response within a few days after that, please let us know by contacting us at the webpage or phone number listed below.

● We will respond to your request within 45 days of receipt of the request, if possible. If necessary, we may need an additional period of time, up to another 45 days, but we will reply either way within the first 45-day period and, if we need an extension, we will explain why. In certain cases, a request for correction may be denied, for example, if we cannot verify your identity. If we deny your request, we will explain why we denied it. 

E. You Have the Right to Opt-Out. This Section also serves as a Notice to residents of the States of California, Colorado, Connecticut, Montana, Oregon, Texas, and Utah and the Commonwealth of Virginia of their right to opt-out of the sale of personal information and of the use and/or disclosure of personal information for certain types of targeted advertising and consumer or household profiling. Residents of California have a right to direct businesses not to sell their personal information or share their personal information for cross-context behavioral advertising. Colorado, Connecticut, Montana, Oregon, Texas, Utah,and Virginia residents have the right to direct businesses not to process their personal data for purposes of (i) targeted advertising, (ii) selling or otherwise transferring personal data in exchange for monetary or other valuable consideration, or (iii) profiling in furtherance of decisions that produce legal or similarly significant effects concerning the consumer. Under Applicable State Data Protection Law, this is known as the “right to opt out.” In general, we will only use your personal information to perform services or provide the goods reasonably expected by you, internal reporting and analytics purposes, for other purposes in the ordinary course of business, and to facilitate first-party marketing and analytics. We do not sell your personal information for monetary consideration. Nevada law also gives Nevada consumers the right to request that a company not sell their personal information for monetary consideration to certain other parties.  This right applies even if their personal information is not currently being sold in that manner.  If you are a Nevada consumer and wish to exercise this right, please send an email with the subject line “Nevada Resident Do Not Sell Request” to privacy@poweredbyash.com. 

F. Rights Regarding Use and Disclosure of Sensitive Personal Information. Sensitive personal information includes the “sensitive personal information” described in above, such as information concerning your health. In general, we will only use your sensitive personal information to perform services or provide the goods reasonably expected by you, for internal reporting and analytics purposes, contractual requirements, for other internal purposes in the ordinary course of business. 

G. Your Right to Appeal. If we refuse to take action on any of the above rights, consumers who are residents of the states of Colorado, Connecticut, Montana, Oregon, Texas, and Virginia can appeal this decision by emailing us at privacy@poweredbyash.com. We shall inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions, within 45 days of receipt of your appeal, if you are a resident of Oregon, and within 60 days of receiptof your appeal, if you are a resident of Colorado, Connecticut, Montana, Texas,or Virginia. 

H. Authorized Agents. If you are a California resident and would like, you may designate an authorized agent to make arequest under the CCPA on your behalf. If you are a Colorado, Connecticut, Montana, Oregon, or Texas resident, you may have a right to designate an authorized agent to make a request to opt out on your behalf. We will deny requests from agents that do not submit proof of authorization from you. To verify that an authorized agent has authority to act for you, we may require a copy of a power of attorney or require that you provide the authorized agent with written permission and verify your own identity with us. 

‍12. YOUR PATIENT RIGHTS

Right to Access
‍You have the right to access your PHI. You may:

● Obtain your test results and remote monitoring dataonline or on your smartphone using our mobile app by visiting your patient portal to access your account; or 

● Submit a written request of your own to our Customer Service team at support@powerebdyash.com to obtain your PHI (requests must be signed and include enough demographic and other information necessary for us to authenticate you and identify your records). If your request for test or monitoring information is denied, you may request that the denial be reviewed. 

Amend Health Information
‍
‍You may request amendments (changes) to your PHI by making a written request. However, we may deny the request in some cases (such as if we determine the PHI is accurate). If we deny your request to change your PHI, we will provide you with a written explanation of the reason for the denial and let you know about further actions you may take.                                

‍Accounting of Disclosures
‍
‍With limited exceptions, you have the right to request a written accounting of every disclosure of your health information we have made for up to six years prior to your request, other than disclosures to you, disclosures authorized by you in writing, and disclosures for treatment, payment and health care operations as described in this Notice. Your request must specify a time period, which may not be longer than six years. 

‍Request Restrictions

‍You may request that we agree to restrictions on certain uses and disclosures of your PHI. We are not required to agree to your request, except for requests to limit disclosures to your health plan for purposes of payment or healthcare operations when you have paid us for the item or service covered by the request out-of-pocket andin full and when the uses or disclosures are not required by law.​

‍Request Confidential Communications

‍You have the right to request that we send your health information by alternative means or to an alternative address, and we will accommodate reasonable requests. 

‍Copy of this Notice

‍You have the right to obtain a paper copy of this Notice upon request. 

13. NON-DISCRIMINATION

‍We will not discriminate against you for exercising any of your rights under applicable law. Unless permitted by applicable law, we will not:

• Deny you goods or services.

• Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.

• Provide you a different level or quality of goods or services.

• Suggest that you may receive a different price or rate for goods or services or a different level or qualityof goods or services. 

‍14. OTHER INFORMATION COLLECTED

‍As you navigate and use the Platform, certain information can be passively collected—that is, gathered without the user actively providing the information or being concurrently made aware of the collection of information—using various technologies. We passively collect a variety of types of information in a variety of ways, including:

IP Addresses and Related Data. The servers used to operate and provide the Platform may collect data pertaining to you and the equipment, software, and communication methods you use to access the Internet and the Platform, including Internet protocol (“IP”) addresses assigned to the computers and other devices from where you access the Internet, your Internet service provider (ISP), device ID numbers and unique identifiers, your media access control (MAC) address, your operating system, your computer screen resolution, your web browser type, the pages you access onthe Platform, the websites you access before and after visiting the Platform, the length of time you spend on the Platform, date and time stamps, click stream data, your approximate geographic location, performance statistics, and usage data. The Company may use this information to administer the Platform and its servers, to generate statistical information, to monitor and analyze Platform traffic and usage patterns, to monitor and help prevent fraud, to investigate complaints and violations of our policies, and to improve the Platform and services.We may combine this information with other collected information (including personal information) and information obtained from third parties for security reasons and to protect our rights or the rights of others. The suppliers that we use to provide the Platform may collect information about your visits to the Platform and other websites. Some of this information may be collected using cookies and similar tracking technologies as explained below under “Tracking Technologies.”

Analytics. The Platform uses third-party analytics tools (e.g., Google Analytics) to collect and process data about your use of the Platform, including when you visit the Platform, URLs of the websites that you visit prior to visiting the Platform and when you visit those websites, and IP addresses assigned to the devices from where you access the Internet. Our analytics providers may set and read cookies to collect this data and your web browser will automatically send data collected by those cookies to our analytics providers. Our analytics providers use this data to provide us with reports that we will use to improve the Platform’s structure and content.

For more information on how Google uses this data, visit Google’s Privacy Policy and Google’s page on How Google uses data when you use our partners' sites or apps. To prevent this data from being used by Google Analytics, follow the instructions to download and install the Google Analytics Opt-out Browser Add-on for each browser you use. Using the Google Analytics Opt-out Browser Add-on will not prevent NDX from using other analytics tools and will not prevent data from being sent to the Service itself or to Google. For more information about how Google Analytics uses cookies to measure user interactions on websites, visit Google Analytics Cookie Usage on Websites. You may disable cookies as discussed below, but that may impact your use and enjoyment of the Service.

Advertising Networks, Personalized Advertising, Remarketing, & Retargeting. From time to time the Platform may use or participate in advertising networks and related advertising services that are managed and provided by third-party advertising servers, advertising agencies, technology vendors, and research firms,including, without limitation, Google Ads and advertising services provided by Adobe and LinkedIn. These services collect information about your visits to and interactions with the Platform and other websites and will use that information to target advertisements for goods and services and to display those advertisements on other websites. The information collected may be associated with your personal information.

Advertising networks often gather data aboutconsumers who view advertisements to make inferences about a consumer’s interests and preferences, which enables their computers to deliver advertisements directly targeted to the consumer’s specific interests. This practice is often referred to as “online behavioral advertising.” For example,a third-party advertising network might collect the type of web browser youuse, the type of computer operating system you use, the domain name of a website you visit, whether or not you visit specific pages of the Platform and other websites, the location of your Internet service provider, the date andtime of a visit to a website, and other interactions between you and a website.

Through Google Ads, Google uses your Internet searches, cookies, and similar identifiers (e.g., pixel tags) to collect information about your visits to the Platform and your interaction with our products and services to generate targeted advertisements to you on other websites that you visit across the Internet.

We may also enable and implement the following Google Analytics Advertising Features on the Service: Remarketing with Analytics, Demographics and Interest reporting, Campaign Manager integration, Display & Video 360 integration, Google Display Network (“GDN”) Impression Reporting, and Segments. Remarketing with Analytics uses Google Analytics cookies to serve advertisements to you across the Internet based on your visits to the Platform. Demographics and Interest reporting uses a third-party cookie to collect information about our Platform traffic by tracking users across websites and across time, which generates a report for us to better understand Platform users. Campaign Manager integration allow us to view, analyze, and create remarketing lists using our Campaign Manager data in Google Analytics. Display & Video 360 integration allows us to create remarketing lists in Google Analytics and have those lists available in Display & Video 360. GDN Impression Reporting allows us to measure the impact of unclicked GDN Displayad impressions on website behavior and conversions. Segments allows us to isolate and analyze subsets of Service users by sorting our Google Analytics data.

To opt out of remarketing advertising provided through Google, to customize your ad preferences, or to limit Google’s collection or use this information, visit Google’s Safety Center and Google’s Ad Settings and follow Google’s personalized ad opt-out instructions. Opting out will not affect your use of the Platform.

To change your preferences with respect to certain online ads and to obtain more information about third-party ad networks and online behavioral advertising, please visit the National Advertising Initiative Consumer opt-out page or the Digital Advertising Alliance Self-Regulatory Program. Please remember that changing your settings with individual web browsers or ad networks will not necessarily carry over to other browsers or ad networks. As a result, depending on the opt-outs you request, you may still see our ads from time to time. Your device may also include a feature (“Limit Ad Tracking” on iOS or “Opt Out of Interest-Based Ads” on Android) that allows you to opt out of having certain information collected through apps used for behavioral advertising purposes.

Social Media. The Platform may allow you to connect to and share information with social media platforms and we may be required to implement cookies, plug-ins, and APIs provided by those social media platforms in order to facilitate those communications and features. We may share information that you provide us or that we may collect about your use of the Platform with those platforms and that information will be subject to their privacy policies. We encourage you to review the privacy policy of any social media platform that you use in connection with the Platform. In addition, by choosing to use any third-party social media platform or choosing to share content or communications with any social media platform, you allow us to share information with the designated social media platform. We cannot control any policies or terms of such third party platform. As a result, we cannot be responsible for any use or disclosure of your information or content by third-party platforms, which you use at your own risk.

Cookies. Cookies are files that websites send to your computer or other Internet-connected device to uniquely identify your browser or to store information or settings on your device. Our Services may use HTTP cookies, HTML5 cookies, Flash cookies and other types of local storage (such as browser-based or plugin-based local storage). Your browser may tell you how to be notified when you receive certain types of cookies and how to restrict or disable certain cookies. You also maybe able to delete your Flash cookies or adjust your Flash cookie settings by visiting the Adobe Flash Website Storage Settings Manager. Please note, however, that without cookies you may not be able to use all of the features of our Platform.

Tracking Technologies. Our cookies, tokens and similar technologies (collectively, "Tracking Technologies") also are used for administering the Platform, including without limitation, for authentication, to remember users’ settings, to customize the content and layout of the Platform for users, to contact you about the services, and to improve our internal operations, the content of our Platform and our services. Users may be able to control the use of, or reject or disable, some Tracking Technologies at the individual browser level. If you reject or disable Tracking Technologies, you may still use our Platform, but your ability to use some features or areas of our Platform may be limited. We use Tracking Technologies to identify your device and keep track of your Internet session with our Platform. Using these Tracking Technologies, we may automatically end your session on our Platform after a period of inactivity (as determined by us in our sole discretion). We also use Tracking Technologies that allow us to recognize your device when you return to the Platform within a certain period of time (as determined by us in our sole discretion) and automatically log you back into your account with us. UNLESS YOU AFFIRMATIVELY LOG OUT of your account PRIOR TO YOUR SESSION ENDING (whether by you or by us),YOU WILL BE AUTOMATICALLY LOGGED BACK IN THE NEXT TIME YOU OR ANY USER OF YOUR DEVICE VISITS OUR SITE within the period of time determined by us. If you do not wish to be automatically logged back in when you (or someone using your device) next initiate a session with our Platform (using the same device that is being used for your current session), you should log out of your account (i) prior to ending your session, or (ii) if you will be inactive on our Platform for more than a few minutes.

Web Logs. In conjunction with the gathering of data through cookies, Web servers may log records such as your device type, operating system type, device advertising identifier, browser type, domain, and other system settings, as well as the language your system uses and the country and time zone where your device is located. The Web server logs also may record the address of the Web page that referred you to our Platform, the IP address (and associated city and state or province for the IP address) of the device you use to connect to the Internet, and data about your interaction with our Services, such as which pages you visit.

Pixels/Web Beacons. To control which web servers collect information by automated means, we may place tags on our web pages called "web beacons" (or “pixels”), which are files that link web pages to particular web servers and their cookies. We may use pixels for security and fraud-prevention purposes. We also may include web beacons in e-mail messages to record whether an email has been opened or whether certain links in such email have been clicked. We or third parties also may send instructions to your device using JavaScript or other computer languages to store or gather the sorts of data described above and other details about your interactions with the Platform. We may use third party pixels on the Platform registration and login pages. For example, we may use these pixels to assess your progress in registering for our Platform. If you start but fail to complete the registration process, we may also use third party pixels to deliver reminders to complete your registration. We may also use these pixels to deliver notices about new and existing features on our Platform. These reminders and notices may appear on other websites, and third parties who provide the pixels may use the information obtained from pixels for their business purposes. To opt out of such use of third party pixels for advertising, please visit http://www.aboutads.info/choices.

Online Analytics. We may use third-party web analytics services on our Platform, such as those of Google Analytics. These service providers use the sort of technology described in this “Information that is Automatically Collected” section to help us analyze how users use the Platform, including by noting the third-party website from which users arrive. The information (including your IP address) collected by the technology will be disclosed to or collected directly by these service providers, who use the information to evaluate your use of the Services. To prevent Google Analytics from using your information for analytics, you may install the Google Analytics Opt-out Browser Add-on by clicking here.

‍15. CHILDREN‍

We do not knowingly collect any information from minors. In situations where personal data from anyone under the age of 18is needed for data processing activities, we will obtain authorization from an appropriate parent or guardian. If such authorization is unable to be obtained, data processing activities for that data subject will be terminated. In the event that we discover that a minor under the age of 18 has provided PII to us, we will make efforts to delete the information as soon as possible. If you have concerns about our Platform or service offering, wish to find out if your child has accessed our services, or wish to remove your child’s personal data from our servers, please contact us at privacy@poweredbyash.com

16. LOCATION OF PERSONAL INFORMATION‍

Our Platform is hosted in the United States and all personal information collected with the service is stored in the United States. We make no representations that our Platform is appropriate or available for use outside of the United States. If you are a resident of another country, or are accessing the website from outside of the United States, please note that you are transferring data to the United States of America, which does not have the same data protection laws as your location.  By providing your data toor using the Platform, you acknowledge and consent to the transfer, processing and maintenance of your data as described in this Policy.

‍17. HOW LONG WE RETAIN YOUR INFORMATION

‍We retain your personal information only for as long as is necessary for our legitimate business purposes. We will retainand use your personal information to the extent necessary to comply with our legal, accounting, or reporting obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes and enforce our legal agreements and policies. Additionally, we may continue to store your personal information contained in our back-ups that are not accessible during the normal course of business. This applies to all categories of personal information in use by us.

18. UPDATES TO THIS PRIVACY POLICY

‍We periodically review this Policy and maymake updates to reflect changes in our practices, for legal reasons, or to meet new regulatory requirements. Your continued use of our Platform following any notice of changes to this Policy means you accept such changes. Please refer to the “Effective Date” above for details on when this Policy was last updated.

‍19. CONTACT US

‍If you have any questions, concerns, or requests regarding your personal data or this Privacy Policy, please contact us at privacy@poweredbyash.com.