Your.MD Privacy Policy

Your.MD Privacy Policy (v.3, last update August 2017)

WE RESPECT YOUR PRIVACY We respect your privacy and we take protecting it seriously. If you have any privacy related concerns, please contact us at: care@your.md

Your.MD Services (hereinafter referred to as: “Services”) are offered by Your.MD Limited, incorporated and registered in the UK with company number 08727263, whose registered office is at 36 Soho Square, London 2nd Floor, W1D 3QY, UK (hereinafter referred to as: “Your.MD”).

YOUR CONSENT Before you start using the Services you will need to actively accept this Privacy Policy and confirm that you have read and agreed to our data processing practices as described herein. By doing so, you consent to the collection and usage of your data, so please read this Privacy Policy carefully. We do not share any of your Profile Data with our OneStop Health™ Partners. We share collected data with our Providers only for the purposes of offering the Services to you and improving your user experience. If there is anything you do not understand, please contact us.

This privacy statement describes how Your.MD collects and uses the information and/or data (the terms are used interchangeably) you provide. It also describes the choices available to you regarding our use of your information and how you can access the information. We will never use your data for any purpose not explicitly stated herein. Your.MD Services should only be used by persons over the age of 13 or older who are capable, in their country of residence, of entering into a legally binding agreement to use our Service.

COLLECTION OF INFORMATION In order for you to be able to use our Services, we need to collect limited information (the term is used collectively for the information stated below).

Technical Information
• Device model, screen information, mobile service provider, installed App version, OS version, location (country and city), time zone
• IP address, Your.MD unique identifier
• User’s interaction with the App/Services
• FB Messenger, Kik, Skype, Slack, Telegram and other messenger identifiers (when using Your.MD services on these messenger platforms)
• Logs with technical information as stated above

Analytical Information
• Device model, screen information, mobile service provider, installed App version, OS version, location (state and city)
• IP address
• Logs with technical data as described under Technical Information

Symptom Checker Information
• Your Profile – full name, year of birth, gender, e-mail address, location (not specific enough to identify a street), time zone, Services preferences (push notifications enabled etc.), Country of residence, FB and/or Google account information (used for sign in and identification purposes only), messengers information
• Additional Users Profiles – name (family name not required), year of birth, gender
• Third Party Profile – name (family name not required), year of birth, gender
• Chat History (your search history, selected symptoms, probable conditions, personal factors that affect the diagnosis (age and gender), reasons for you not understanding our Symptom Checker, whether the questions asked are deemed irrelevant, the fact that you do not have the condition our Symptom Checker calculated based on your entries)
• Notes inserted by you via Health Tracker (available only for some versions of our Services and currently not used outside the Health Tracker)

USE OF INFORMATION We use your data to provide our Services and to make constant improvements with troubleshooting, testing, research, internal analytics and surveys to ensure the best user experience, but only on an anonymised basis. When you use our OneStop Health™ Platform you accept our Providers’ privacy policies available in the section “Our Providers”.

Your Profile We use Your Profile (and Additional User profiles you may insert) information for the purposes of the Symptom Checker to help us better understand your reported symptoms. You can set up an account by signing in with your Google or Facebook account. By doing so you give us permission to access and use your information as permitted by such services. We will use your Google/Facebook data and email address obtained from such services for identification purposes.

Symptom Checker We use Technical, Symptom Checker and Your/Additional User Profile Information to be able to provide the Symptom Checker service to you. The Symptom Checker will ask you questions to assess the most likely conditions, based on your reported symptoms. To ensure your anonymity, we store the Chat History and Your Profile data in separate locations, meaning that whatever you type into our Symptom Checker is not directly connected to Your/Additional Users Profile data. With the help of the Your.MD identifier, we can use the Chat Data (including age and location, but not your name or email) for internal analytics and research to improve our Services and the Symptom Checker’s calculation algorithm in an anonymised way. For example, if you tell our Symptom Checker that the information it provided was not relevant, we can research the inserted information without personally identifying you via your name or e-mail.

We will store our Symptom Checker’s calculations in the Health Tracker section of our App/Services (for iOS) or in the “Profile” section under “Consultations” to enable you to keep track of your Consultation Reports. We also use the Chat History to send you follow-up notifications for relevant conditions (for Android only). We will ask you if you are feeling any better and provide useful information according to your response. Please see the Opt-Out Section of this Privacy Policy for the instructions about enabling/disabling push notifications.

OneStop Health™ Platform We use the information that was calculated by our Symptom Checker to present the services that might be useful based on your reported symptoms. Our OneStop Health™ Platform consists of vetted professional health providers who supply specific services, treatments and products to help you stay healthy and deal with medical or health-related problems. We will not disclose any of your information to our Providers within the OneStop Health™ Platform. If you click on the link provided within the chat, or click on one of the Providers within the OneStop Health™ section of our Services, you will leave our Services and be redirected to our Providers’ service. Please be aware that by doing so, your data processing will be governed by our Providers’ Privacy Policy. Please see the links in Section “Our Providers”.

Health Goals We can help you stay focused on your health priorities. Via our Health Goals section, you can choose the health-related topics that are of interest to you and we will send you useful and actionable information, written by doctors.

Health Tracker Our Health Tracker service enables you to store information about your wellbeing and your Chat History (for some versions, while in others consultations are stored in the “Profile” area of our Services under section “Consultations”). Some versions will store this information only if you tell us that the calculation of our Symptom Checker was useful. Newer versions allow you to delete Consultation Reports by clicking on the trash bin icon at the top right side of the Report. You can also add your own data via the notes section (only in some versions of our Services) and sync with your health and fitness apps data to get useful insights relevant for your health. We will use this data only on an anonymised basis to help improve our Services.

Health Quizzes We store the data related to your interactions with our quizzes on an anonymised basis to improve your experience.

Health A-Z or Library (in newer versions) You can find health conditions within the “Health A-Z” or “Library” (for newer versions) section of our Services. We do not store the information about the conditions within the “Health A-Z” section or “All Articles” you click on. You can store preferred Articles in newer versions of our Services by clicking on the “Save Article” icon and the Article will be saved in the “Library” under the “Saved Items” section. You can review saved articles without an internet connection.

HealthKit for iOS users Our App uses HealthKit to make your user experience better. Data gathered from HealthKit and also any other health or fitness data (“HealthKit Data”) gathered from our Services will never be used for advertising or data mining purposes, nor used for or disclosed to any third parties. We will use HealthKit Data solely for providing our Services, namely for the purpose of providing health, motion, and/or fitness services in connection with our Services, to improve health management, or for the purpose of health research, all with your permission only. We do not use iCloud services for storing your HealthKit data and neither should you. We do not conduct health-related human subject research.

E-mail We will only use your information to send you articles about the topics you have marked in the Health Goals section of our Services as ones you would like to receive. We can also send you e-mails to update you about our Services, but you are free to opt out at any time. We will use the e-mail to inform you about material changes to our privacy policy or to respond to your query.

Improving our Services We use your data to improve our services and your experience by conducting internal analytics, troubleshooting, testing, research and surveys, but only on an anonymised basis. To ensure your anonymity, we store the collected data and Your Profile data in a separate database, meaning that any information we gather from you within the Services is not connected to your name or e-mail. For example, if we want to improve the Health Tracker, your data will be aggregated in most cases and if we need to access a specific Profile, we will do so by using the Your.MD ID so that your name or email will not be seen.

OUR PROVIDERS We cannot provide all services necessary for the successful operation of our Services by ourselves. We therefore share collected information with our Providers for the purposes of offering the Services to you and improving your user experience.

ANALYTICS PROVIDERS We use the information we collect with the help of our Analytics Providers to constantly improve our Services and make them better for you. We chose our Providers carefully and we set the most restrictive controls they offer to ensure they do not use your data for any purposes other than providing services to us.

Google Analytics Firebase Google Analytics allows customers to share their account data with other products and services. We use your data only for the purposes of our internal analytics to improve our Services and we do not allow sharing of your data with other parties and their products or services. For more information, please see https://support.google.com/analytics/answer/6004245?hl=en

AWS Analytics AWS Analytics does not access or use your data for any purpose other than to provide services to us, as legally required and for maintaining the AWS services. We have chosen strong encryption for your data. For more information, please see https://aws.amazon.com/privacy/

ONESTOP HEALTH™ PLATFORM PROVIDERS We will not provide any of Your Profile or Chat History information to our Providers. We choose our Providers carefully and we request that they use your data solely for the purposes of providing their services to you. If you click on the link provided within the chat or click on one of the Providers within the OneStop Health™ section of our Services, you will leave our Services and be redirected to our Providers’ service. Please be aware that by doing so, your data processing will be governed by our Providers’ Privacy Policies. Please see the links below.

Our OneStop Health™ Platform consists of vetted providers who supply specific services, treatments and products to help with medical or health-related problems. We use the information calculated by our Symptom Checker to present you with the services in your local area that might be useful. We do not share Your Profile data or Chat History with our OneStop Health™ Providers. Any information you disclose while using the OneStop Health™ Platform is disclosed only to the Provider and is governed by its Privacy Policy. For our service to be free, we need to track which of our Providers’ customers come from our Services. This means that your IP address will be disclosed to the OneStop Health™ Providers should you choose to visit their service. We require our Providers to adhere to our Best Practice Guidelines. Your opinion counts and you are very welcome to share any positive or negative experiences you might have with our Providers via care@your.md.

Although we choose our Providers carefully, we are not responsible for the actions of these companies, the content of their sites, products or services, the use of information you provide to them, or any products or services they may offer. Our links to the OneStop Health™ Platform Providers and any other third parties’ services do not constitute our sponsorship of, or affiliation with, these companies. Nor is such linking an endorsement of such third party’s privacy or information security policies or practices, or their compliance with laws. Information collected by third parties, which may include personal information, is governed by their privacy practices. The Providers’ and other third parties’ websites or services may place their own cookies or other files on your computing or smart device, collect information or solicit personal information from you. We encourage you to learn about the privacy practices of Providers and third parties with which you interact. We are not responsible or liable for your interaction with Providers and third parties, the information requests initiated by them, or the subsequent use, treatment or dissemination of information you voluntarily choose to provide to them.

Addicaid
Akira
Altbibbi
Ask The Midwife
Doctor Care Anywhere
Doctify
Doctor Insta
Dr. Morton’s
Eyr Medical, Eyr Medical
GetDoc
Golden Era Club, RevereCare, Cera
GPDQ
healthexpress
health trader
MDalgorithms – MDAcne
Mimi
MyMeds
mySugr
National Migraine Centre
PlusGuidance
Push Doctor
TrialReach – Antidote
Urban Massage
Daily Yoga
My Pocket Doctor
NHS Choices
Samsung Health
Cera
MyPocketDoctor
Antidote
Brook
Mdacne
Natural Cycles
London Osteoporosis Clinic
Hay Fever Relief
Firstcheck
1mg
Life Circle
Doctor On Call
ConnectMed
Thriva
Obino
MyHouseCall
Bisa
PAPYRUS
Quit Genius
PayAsUGym
Portea
Supercarers
HelloDoctor

TRACKING PROVIDERS We request that our tracking providers use the collected data only for providing services to us; any other usage is prohibited. We share only your IP address.

In order for our Services to be free, we need to know how many users visit our OneStop Health™ Providers. We use the HOKO tracking Provider to track the visits to OneStop Health™ Providers from our Services. HOKO can use the data collected from you solely to the extent needed to track sessions for Your.MD and to adapt the service to our preferences, whereas any other usage of such data including, but not limited to, building a users’ profile, tracking for the purposes of behavioral advertising, disclosing users’ data to third parties is strictly prohibited. HOKO may transfer (or otherwise make available) data only to third parties that process such information on HOKO's behalf in order for HOKO to be able to provide the HOKO Service, under the condition that such third parties adhere to the same limitations about the usage of data as HOKO. For more information, please see https://hokolinks.com/privacy-policy

Some of our Partners on OneStop Health™ may insist on third party tracking providers. We enable such services only upon confirmation by our Partners that the data collected, namely your IP address, will be used solely for the purposes described in this Privacy Policy. The data they collect after you consent, sign up or use their services is governed by their privacy policies.

THIRD PARTY TECHNOLOGY To make our Services simple to use, you can use them with these messengers: FB Messenger, Telegram, Kik, Slack and Skype (“Messengers”). To make our Health Tracker more efficient, you can also sync your data from other service providers with our Health Tracker. When you use our Services via Messengers or in combination with other services, your data processing is governed by the individual privacy policies you accepted when registering for their service, so please read their respective privacy policies carefully before you start using their services.

Skype Our Your.MD bot on Skype is enabled by Microsoft Bot Framework. The Microsoft Bot Framework is a set of web-services that enable intelligent services and connections using conversation channels you authorize. As a service provider, Microsoft will transmit content you provide to our bot/service in order to enable the service. For more information about Microsoft’s privacy policies, please see their privacy statement here: http://go.microsoft.com/fwlink/?LinkId=521839.

FB Messenger, Free Basics https://www.facebook.com/help/238318146535333?helpref=hc_global_nav, https://developers.facebook.com/docs/privacy, Slack, Kik, Telegram, WeChat, Samsung, S Health, http://shealth.samsung.com/policy, Free Basics Platform.

FB and Google Accounts You can set up an account only by signing in with your Google or Facebook account. By doing so you give us permission to access and use your information from that service as permitted by that service. We use your email to identify you in the Profile tables. https://www.google.com/policies/privacy/ https://www.facebook.com/policy.php

SHARING OF INFORMATION Sometimes we need to disclose the Information for other lawful purposes, as customary for all developers.

Apart from sharing the information with our Analytics and OneStop Health™ Providers, as stated in Section “Our Providers” and “Usage of Information”, we may also disclose information in the following cases:
• if required by law, for example to comply with a court order, subpoena, regulation, legal process or other governmental request;
• to exercise or protect the rights, property or personal safety of the Company, our users or others;
• to enforce this privacy statement, including investigation of potential violations thereof;
• upon fulfilling legal requirements of local legislation to supply certain services/information a third party might legally request from us;
• to detect, prevent, or otherwise address fraud, security or technical issues;
• if Your.MD is involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified of any change in ownership or uses of your information via our website;
• to respond to claims that any content published within our Services violates any right of a third party.

STORING OF INFORMATION AND SECURITY We follow generally accepted industry standards and internal procedures to protect information submitted to us, during transmission, storing and processing. If you have any concerns about the security of our Services, please contact us at care@your.md.

We have restricted access to production environments and monitoring of user activities. The Information is encrypted and key protected, and we have integrated commercially reasonable efforts to assure that your information remains secure when maintained by us. However, please be aware that no security measures are perfect or impenetrable.

We use AWS hosting for storing of information and they provide multiple security certificates. For more information, please see https://aws.amazon.com/security/.

The data we collect from you may be transferred to, and stored at, a destination outside the European Economic Area ("EEA"). It may also be processed by staff operating outside the EEA who work for us or for one of our Providers. By downloading our Services, you agree to the transfer, storing and processing as stated herein. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk.

DELETION OF INFORMATION We store your information for as long as needed to provide our Service. We may store the information longer, but only in a way that it cannot be tracked back to you. When the information is no longer needed, we shall delete it using reasonable measures to protect the information from unauthorized access or use.

EU Territory We store Personal Information, namely IP Address, email and Your.MD identifier for the duration of the provision of our Services or period of inactivity, after which we will ask you if we can delete your account prior to deleting it. Traffic information is erased or made anonymous when it is no longer needed for the purpose of the transmission or, in the case of payable services, up to the end of the period during which the bill may lawfully be challenged or payment pursued. Location information is stored to the extent and for the duration necessary for the provision of a value-added service. Cookies, direct marketing and provision of value-added services information (including traffic information used for these purposes) is stored as long as the same is necessary for the provision of these activities, or up to the time when a user opts out from such use in accordance with this Privacy Policy. Other information is stored for as long as we consider it to be necessary for the provision of our Service. This Section shall not prevent any technical storage or access to information for the sole purpose of carrying out the transmission of a communication or as strictly necessary in order for us to provide the service you requested.

US Territory We will retain collected information for the period necessary to fulfill the purposes outlined in this Privacy Policy unless a longer retention period is required or permitted by applicable legislation. We will delete your account after a long term of inactivity and your confirmation that we can do so.

Storing might be different depending on the territory of collecting the information and the applicable legislation, but we always strive to store the information only as long as it is needed for the purposes of providing, improving or personalizing our Services.

OPT-OUT We make sure we do not collect more information than is needed to provide our Services and we strive to limit our Providers to do so as well. We have integrated protocols to allow us to process your data in an anonymised way, but you are always free to opt out of the information collection by not using our Services. You can deactivate local notifications by changing the notification settings in accordance with the instructions of the operating system running on your device.

E-mail: You can opt out from e-mail notifications by unsubscribing or sending us a request to privacy@your.md.
iOS: You will be asked to accept or refuse push notifications after the App is downloaded. If you do not accept, you will not receive push notifications. Please note that if you accept, mobile phones will allow you to disable push notifications later on by using the settings on your mobile phone.
Website: You can turn off the use of cookies at any time by changing your specific browser settings.
Android: After an App is downloaded, you will automatically receive push notifications. You can always disable those within the mobile phone settings.

YOUR.MD WEBSITE Your.MD's website does not collect any personal information and we do not share any information with third parties, nor do we store any information about your visit to our website other than to analyse and optimise your content and reading experience through the use of cookies. Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site. For detailed information on the cookies we use and the purposes for which we use them, see our Cookie policy available at http://www.your.md/cookie-policy. You can turn off the use of cookies at any time by changing your specific browser settings. Your.MD is not responsible for republished content from our website on other websites without our permission.

CHANGES TO THE PRIVACY POLICY We may update this Privacy Policy to reflect the changes in our information processing practices. Because we are constantly adding new services and features, we might not update the Privacy Policy immediately, except in the case of material changes to our data processing practices. We encourage you to periodically review http://www.your.md/privacy or the “About Your.MD” section of our Services for the latest information on our privacy practices. You will be informed about changes to our data processing practices within the “What’s New” section of our Services or with a push notification. You understand that we integrate new Providers on OneStop Health™ weekly, so if you do not see the Provider's Privacy Policy stated herein, please contact us for the latest information.

CONTACT AND ACCESS TO PERSONAL INFORMATION If you have any questions, please contact us at: care@your.md

Your.MD is a trademark of YOUR.MD AS, incorporated and registered in Norway with company number 999260993, whose registered office is at c/o Advokatfirmaet Simonsen Vogt Wiig AS, Filipstad Brygge 1, 0252 Oslo, Norway, and it is offering the Your.MD Services (hereinafter referred to as: “Services” or “App”) via its subsidiary Your.MD Limited, incorporated and registered in the UK with company number 08727263, whose registered office is at this date at 36 Soho Square, London 2nd Floor, W1D 3QY, UK (hereinafter collectively referred to as: “Your.MD”).

We are committed to keeping your information accurate, complete and up-to-date. You can request that we correct or delete the information, provided that we are not required to retain such information by law or for legitimate business purposes. To make such a request or ask us about this privacy statement, please send us an email to care@your.md. We may decline to process requests that are unreasonably repetitive, require disproportionate technical effort, jeopardize the privacy of others, are extremely impractical, or for which access is not otherwise required by local law.

Your.MD,

Matteo Berlucchi, CEO