iGuideMedical Privacy Policy

Please Read Each Agreement Carefully

iGuideMedical.com Privacy Policy

Privacy Policy Highlights
These “Privacy Highlights” provide an overview of some core components of our data handling practices. Please be sure to review the Full Privacy Statement.

Information We Collect
We generally collect the following information:

Information we receive when you use our Services.
We collect Web-Behavior Information via cookies and other similar tracking technologies when you use and access our websites, mobile apps, products, software and other services (“Services” or “Service”). See our Cookie Policy for more information.

Information you share directly with us.
We collect and process your information when you register on any iGuideMedical.com Inc. (“iGM”) website, or website “Powered By iGuideMideical.com”, or website “iGuideMedical.com Powered” (“Service”), enter information, place an order, create an account, complete research surveys, post on our Forums or use other messaging features, and contact Customer Success. This information can generally be categorized as Registration Information, Individual-level, Self-Reported Information, and/or User Content as defined in our full Privacy Statement.

Information from your progression with activities and self-assessments.
With your consent, we extract information on your progression with the activities presented to you through the iGM website including information from self-reported assessments.

How We Use Information
We generally process Personal Information for the following reasons:

To provide our Services.
We process Personal Information in order to provide our Service, which may include processing payments, shipping location and recipient data for any products you may order from the Marketplace, creating customer accounts and authenticating logins, and delivering activity progression and self-assessment results and powering tools such as Member Readiness and User Reported Outcomes.

To analyze and improve our Services.
We constantly work to improve and provide new reports, tools, and Services. We may also need to fix bugs or issues, analyze use of our website to improve the customer experience or assess our marketing campaigns.

For iGuideMedical.com Inc. Patient Reported Outcome Initiative (“iGM PRO Initiative”), with your consent.
If you choose to consent to participate in iGM PRO Initiative, iGM researcher coordinators can include your de-identified Individual-level and Self-Reported Information in a large pool of member and customer data incluceded in data sets shared with third party research organizations for analyses aimed at making scientific discoveries.

Control: Your Choices
iGM gives you the ability to share information in a variety of ways. You choose:
Which activities, assessments and report(s) you view and/or opt-in to use or report progress on.
When and with whom you share your information, including friends, family members, health care professionals, or other individuals outside our Services, including through third party services that accept iGM data and social networks.

To give or decline consent for iGM PRO Initiative.
By agreeing to the Research iGM PRO Initiative Consent Document you can give consent for the use of your data for scientific research purposes.

To delete your iGM account and data, at any time.

Access To Your Information
Your Personal Information may be shared information in the following ways:

With research collaborators, only if you have given your explicit consent to opt into the iGuideMedical.com Patient Reported Outcome Initiative (“iGM PRO Initiative”).
iGM will not sell, lease, or rent your individual-level information to any third party or to a third party for research purposes without your explicit consent.
We do not share customer data with any public databases.
We will not provide any person’s data to an insurance company or employer.
We will not provide information to law enforcement or regulatory authorities unless required by law to comply with a valid court order, subpoena, or search warrant for genetic or Personal Information (visit our Transparency Report).

How We Secure Information
iGM implements measures and systems to ensure confidentiality, integrity, and availability of iGM data.

De-identification/Pseudonymization, encryption, and data segmentation.
Registration Information is kept separate from Sensitive Information. Registration information is then assigned a random ID so the person who provided the data cannot reasonably be identified. iGM uses industry standard security measures to encrypt sensitive personal data both when it is stored (data-at-rest) and when it is being transmitted (data-in-flight). Additionally, data are segmented across logical database systems to further prevent re-identifiability.
Limiting access to essential personnel. We limit access of information to authorized personnel, based on job function and role. iGM access controls include multi-factor authentication, single sign-on, and a strict least-privileged authorization policy.
Detecting threats and managing vulnerabilities. iGM uses state of the art intrusion detection and prevention measures to stop any potential attacks against its networks. We have integrated continuous vulnerability scanning in our build pipeline

Risks and Considerations
There may be some consequences of using iGM Services that you haven’t considered.
You may discover things about yourself that may be upsetting or cause anxiety and that you may not have the ability to control or change.
In the event of a data breach it is possible that your data could be associated with your identity, which could be used against your interests.

Full Privacy Statement
This Privacy Statement applies to all websites owned and operated by iGuideMedical.com, Inc. (“iGM”), including www.iGuideMedical.com, www.VeinCareiGuide.com, websites marked with “Powered by iGuideMedical.com”, “iGuideMedical.com Powered”, and any other websites, pages, features, or content we own or operate, and to your use of any iGM mobile app and any related Services. Our Privacy Statement is designed to help you better understand how we collect, use, store, process, and transfer your information when using our Services.

Please carefully review this Privacy Statement and our Terms of Service. By using our Services, you acknowledge all of the policies and procedures described in the foregoing documents. If you do not agree with, or you are not comfortable with any aspect of this Privacy Statement or our Terms of Service you should immediately discontinue use of our Services.

Contents
Key Definitions
Information we collect
Information you provide directly to us
Information related to Self-Assessments
Information collected through tracking technology
Other types of information
How we use your information
To provide you with Services and analyze and improve our Services
To process, analyze and deliver your progression and self assessment results
To allow you to share your Personal Information with others
To allow you to share your Personal Information for research purposes
To recruit you for external research
To provide customer support
To conduct surveys or polls, and obtain testimonials
To provide you with marketing communications
Information we share with third parties
General Service Providers
“Targeted advertising” service providers
Aggregate Information
Information we share with commonly owned entities
As required by law
Business Transactions
Your choices
Access to your account
Marketing communications
Sharing outside of the iGM Services
Account Deletion
Security Measures
Children’s Privacy
Linked Websites
Information for Customers in Designated Countries
Privacy Shield
Our relationship with you
Legal bases for processing Personal Information from the EU
Direct Marketing
Privacy Rights
Complaints
Changes to this Privacy Statement
Contact information

1. Key Definitions
Activities: information presented to the user providing them with instructions and potentially other pertinent information such as a target level of achievement, location, and contact information to support an activity a user may wish to engage with as part of the service.
Aggregate Information: information that has been combined with that of other users which may be analyzed or evaluated as a whole, such that no specific individual may be reasonably identified.
De-identified Information: information that has been stripped of your Registration Information (e.g., your name and contact information) and other identifying data such that you cannot reasonably be identified as an individual, also known as pseudonymized information.
Individual-level Information: information a user enters into the Service relating to that single person.
Personal Information: information that can be used to identify you, either alone or in combination with other information.
Registration Information: information you provide about yourself when registering for and/or purchasing our Services (e.g. name, email, address, user ID and password, and payment information).
Self-Assessments: information the user chooses to input which describes the user’s own, then current, assessment regarding the subject matter.
Self-Reported Information: information you provide to us, either through the Services or through a third party, including all user input relating to Activities, Self-Assessments and other forms presented by the Service with which the user has chosen to interact with while signed in to a Service or that you authorize a third party to provide to iGM.
Service or Services: any websites, mobile apps, products, software and/or content iGuideMedical.com, Inc. (“iGM”) makes available to Users.
User(s)/Customer(s)/Member(s): you and/or a group of people like you who are engaged with the Service
User Content: all information, data, text, software, music, audio, photographs, graphics, video, messages, or other materials – other than Individual-level Information and Self-Reported Information, users enter into and/or transmit through the Service, whether publicly or privately, to or through iGM.
Web-Behavior Information: information on how you use iGM Services collected through log files, cookies, web beacons, and similar technologies, (e.g., browser type, domains, page views).

2. Information we collect
Information you provide directly to us
Registration Information. When you create a iGM account and register for our Services, we collect Personal Information, such as your name, date of birth, billing and shipping address, payment information (e.g., credit card) and contact information (e.g. email, phone number and license number).
Individual Information. You have the option to provide us with additional information about yourself through surveys, forms, features and applications. For example, you may provide us with information about your personal traits (e.g., eye color, height), ethnicity, disease conditions, other health-related information (e.g. pulse rate, cholesterol levels, visual acuity), and family history information (e.g. information similar to the foregoing about your family members). Before you disclose information about a family member, you should make sure you have permission from the family member to do so.
User Content. Some of our Services allow you to create and post or upload content, such as data, text, software, music, audio, photographs, graphics, video, messages, or other materials that you create or provide to iGM through either a public or private transmission (“User Content”). For example, User Content includes any discussions, posts, or messages you send on iGM’s Forums.
Blogs and Forums. Our Services my offers publicly accessible blogs. Additionally, iGM customers may participate in our online Forums. You should be aware that any information you provide or post in these areas may be read, collected, and used by others who access them. To request that we remove or de-identify your Personal Information from our blog or Forums, contact us at privacy@iGuideMedical.com. Please note that whenever you post something publicly, it may sometimes be impossible to remove all instances of the posted information, for example, if someone has taken a screenshot of your posting. Please exercise caution before choosing to share Personal Information publicly on our blogs, Forums or in any other posting. You may be required to register with a third party application to post a comment. To learn how the third party application uses your information, please review the third party’s privacy statement.
Social media features and widgets. Our Services include Social Media Features, such as the Facebook “Like” or “Share” button and widgets (“Features”). These Features may collect your IP address, which page you are visiting on our site, and may set a cookie to enable the Feature to function properly. They may also allow third-party social media services to provide us information about you, including your name, email address, and other contact information. The information we receive is dependent upon your privacy settings with the social network. Features are either hosted by a third-party or hosted directly on our site. Your interactions with these Features are governed by the privacy statements of the third party companies providing them. You should always review and, if necessary, adjust your privacy settings on third party websites and services before linking or connecting them to our website or Service.
Third party services (e.g., social media). If you use a third party site, such as Facebook or Twitter, in connection with our Services to communicate with another person (e.g., to make or post referrals or to request that we communicate with another person), then in addition to that person’s name and contact information, we may also collect other information (e.g., your profile picture, network, gender, username, user ID, age range, language, country, friends lists or followers) depending on your privacy settings on the third party site. We do not control the third party site’s information practices, so please review the third party’s privacy statement and your settings on the third party’s site carefully.
Third party sign in. You may create a iGM account and/or sign in to our Services using an account you created with a third party service, such as Google. If you provide authorization to iGM, we will collect and use the information you share with us via that third party service (such as your email address, name, and date of birth as specified in your third party service account) in accordance with this Privacy Statement. You are responsible for managing your credentials for your third party service account, and for maintaining the security of your third party service account. iGM does not have access to the credentials for your third party service account. If you choose to use third party sign in and you lose access to your credentials for your third party service account, you may not be able to access your iGM account. You may manage authorization for third party sign in through your iGM Profile or through your third party service account.
Referral information and sharing. Should you refer a person to iGM or choose to share your iGM results with another person, we will ask for that person’s email address. We will use their email address solely, as applicable, to make the referral or to communicate your sharing request to them, and we will let your contact know that you requested the communication. By participating in a referral program or by choosing to share information with another person, you confirm that the person has given you consent for iGM to communicate (e.g., via email) with him or her. The person you referred may contact us at privacy@iGuideMedical.com to request that we remove this information from our database.
Gifts. If you provide us with Personal Information about others, or if others give us your information, for the purpose of offering the Service, or acquiring items from the Marketplace as a gift, we will only use that information for the specific reason for which it was provided to us. In the case of gifting Services, once the recipient registers for his or her Services and agrees to our Privacy Statement, our Terms of Service, and if applicable, certain iGM PRO Initiative Consent Documents, his or her Personal Information will be used in manners consistent with this Privacy Statement, and will not be shared with the purchaser, unless they independently choose to share their own Personal Information through the Services with the purchaser. In the case of gifting items from the Marketplace the Service will request consent from the recipient to receive further communications from iGM or third parties for purposes related to products and services provided by iGM or third parties. Please note that when purchasing items from the Marketplace you may be transferred to a third party to finalize a purchase directly with that third party and as such you should review the third party’s privacy and terms of service to ensure you wish to proceed with interaction with the third party.
Customer service. When you contact Customer Success or correspond with us about our Service, we collect information to: track and respond to your inquiry; investigate any breach of our Terms of Service, Privacy Statement or applicable laws or regulations; and analyze and improve our Services.

Web-Behavior Information collected through tracking technology (e.g. from cookies and similar technologies)
We and our third party service providers use cookies and similar technologies (such as web beacons, tags, scripts and device identifiers) to:
help us recognize you when you use our Services;
customize and improve your experience;
provide security;
analyze usage of our Services (such as to analyze your interactions with the results, reports, and other features of the Service);
gather demographic information about our user base;
offer our Services to you;
monitor the success of marketing programs; and
serve targeted advertising on our site and on other sites around the Internet.
If you reject cookies, you may still use our site, but your ability to use some features or areas of our site may be limited. For more information, including the types of cookies found on iGM and how to control cookies, please read our Cookie Policy.

We may receive reports based on the use of these technologies from third party service providers as de-identified, Individual-level Information or as Aggregate Information (as described in section 4.c).
Analytics. Analytics is used to perform many of the tasks listed above. We use an Analytic-ID feature of our Services for the analytics to combine behavioral information across devices and sessions (including authenticated ad unauthenticated sessions). We use analytics features for: remarketing, displaying impressions, demographics and interest reporting, and ad campaign integration. We do not merge information collected through any analytics with individual-level information collected elsewhere by our Service.

Other Types of Information
We continuously work to enhance our Services with new products, applications and features that may result in the collection of new and different types of information. We will update our Privacy Statement and/or obtain your prior consent to new processing, as needed.

3. How we use your information
iGM will use and share your Personal Information with third parties only in the ways that are described in this Privacy Statement.

To provide you with Services and analyze and improve our Services
We use the information described above in Section 2 to operate, provide, analyze and improve our Services. These activities may include, among other things, using your information in a manner consistent with this Privacy Statement to:
open your account, enable purchases and process payments, communicate with you, and implement your requests (e.g., referrals);
enable and enhance your use of our website and mobile application(s), including authenticating your visits, providing personalized content and information, and tracking your usage of our Services;
contact you about your account, and any relevant information about our Services (e.g. policy changes, security updates or issues, etc.);
enforce our Terms of Service and other agreements;
monitor, detect, investigate and prevent prohibited or illegal behaviors on our Services, to combat spam and other security risks; and perform research & development activities, which may include, for example, conducting data analysis and research in order to develop new or improve existing products and services, and performing quality control activities.
For individuals located in the European Economic Area (“EEA”), United Kingdom, or Switzerland (collectively the “Designated Countries”): We process your Personal Information in this way to provide our Services to you in accordance with our Terms of Service. See Section 9 of this Privacy Policy for more details.

To process and display your Individual-level and Self-Reported Information
The Service uses Individual-level and Self-Reported Information you input in to process and display to you a history of your level of interaction, level of completion, progression or achievement related to any of the presented Activities and Self-Assessments you have chosen to provide information on.
Any third parties, if you have provided explicit consent opting into the iGM PRO Initiative, will also be able to view your history of your de-identified Individual-level, level of completion, progression or achievement related to Activities and Self-Assessments you have chosen to provide information on.
For individuals located in the Designated Countries: Our legal basis for processing your Sensitive Information for the purposes described above is based on your consent. You may withdraw your consent at any time by deleting your Account via your Profile, however, the withdrawal of your consent will not affect the lawfulness of processing based on consent before its withdrawal.

To allow you to share your Personal Information with others
The Service may give you the ability to share information, including Personal Information, through the Services. You have the option to share directly with individuals with iGM accounts through our Forums and other sharing features and tools. You may also have the ability to share information directly with individuals who have not participated in our Service via a unique, shareable URL or through a social media platform (such information is “User Content”). Some sharing features, including receiving sharing invitations, may require that you opt-out, however you will always be required to take a positive action, such as opting in, to share sensitive data.
For individuals located in the Designated Countries: Our legal basis for processing your Personal Information for the purpose described above is based on your consent. You may withdraw your consent at any time, however, the withdrawal of your consent will not affect the lawfulness of processing based on consent before its withdrawal.

To allow you to share your Personal Information for iGM PRO Initiative purposes
You have the choice to participate in iGuideMedical.com Patient Reported Outcome Initiative (“iGM PRO Initiative”) by providing your consent. iGM PRO Initiative refers to research aimed at actions such as publication in peer-reviewed journals and other research funded by entities such as the federal government (such as the National Institutes of Health – NIH) or other third party organization having an interest in a relevant topic.

iGM PRO Initiative may be sponsored by, conducted on behalf of, in collaboration with, or conducted by third parties, such as non-profit foundations, academic institutions, device manufacturers or pharmaceutical companies. An iGM PRO Initiative may study a specific group or population, identify potential areas or targets for devices or therapeutics development, conduct or support the development of drugs, diagnostics or devices to diagnose, predict or treat medical or other health conditions, work with public, private and/or non-profit entities on research initiatives, or otherwise create, commercialize, and apply this new knowledge to improve health care. iGM PRO Initiative uses Aggregate de-identified Individual-level and Self-Reported Information as specified in the appropriate iGM PRO Initiative Consent Document(s), as explained in greater detail below.

Your De-identified Personal Information may be used for iGM PRO Initiative only if you have consented to this use by completing an iGM PRO Initiative Consent Document. If you have completed iGM PRO Initiative Consent Document:
Your Personal Information will be used for research purposes, but it will be de-identified and will not be linked to your Registration Information.
iGM may use Personal Inoformation internally at iGM for research purposes.
iGM may share summary statistics, which do not identify any particular user, with our qualified research collaborators.

Withdrawing your Consent. You may withdraw your consent to participate in iGM PRO Initiative at any time by changing your consent status within your Profile. If you experience difficulties changing your consent status, contact Member-Success@iGuideMedical.com. iGM will not include your Personnal Information in studies that start more than 30 days after you withdraw (it may take up to 30 days to withdraw your information after you withdraw your consent). Any research involving your data that has already been performed or published prior to your withdrawal from iGM PRO Initiative will not be reversed, undone, or withdrawn. You may also discontinue your participation in iGM PRO Initiative by deleting your iGM account.

What happens if you do NOT consent to iGM PRO Initiative? If you choose not to complete a iGM PRO Initiative Consent Document or any additional agreement with iGM, your Personal Information will not be used for iGM PRO Initiative. However, your de-identified Individual-level and Self-Reported Information may still be used by us and shared with our third party service providers to as outlined in this Privacy Statement.
For individuals located in the Designated Countries: Our legal basis for processing your Sensitive Information for the purpose described above is based on your consent. You may withdraw your consent at any time, however, the withdrawal of your consent will not affect the lawfulness of processing based on consent before its withdrawal.
To recruit you for external research
Research is an important aspect of iGM’s Services and we want to ensure interested participants are aware of additional opportunities to contribute to interesting, novel scientific research conducted by academic institutions, healthcare organizations, device manufacturers, pharmaceutical companies, and other groups. If you have chosen to participate in iGM PRO Initiative, from time to time we may inform you of third party research opportunities for which you may be eligible. For example, if a university tells us about a new research project, we may send an email to iGM research participants who potentially fit the relevant eligibility criteria based on their Individual-level or Self-Reported Information to make them aware of the research project and provide a link to participate with the research organization conducting the study. However we will not share Personal Information with any third party without your consent. If you do not wish to receive these notifications, you can manage them by editing your preferences in your Profile.

For individuals located in the Designated Countries: Our legal basis for processing your Sensitive Information for the purpose described above is based on your consent. You may withdraw your consent at any time, however, the withdrawal of your consent will not affect the lawfulness of processing based on consent before its withdrawal.

To provide customer support
When you contact Member Success, we may use or request Personal Information, as necessary to answer your questions, resolve disputes, and/or investigate and troubleshoot problems or complaints. In some instances, we may be required to process one customer’s Personal Information to resolve another customer’s dispute or request. For example, if a customer reports behavior that violates our Terms of Service, we will separately process both customers’ Personal Information and respond separately to each individual as appropriate. We will not share your Personal Information with another customer without your consent.

For individuals located in the Designated Countries: Our legal basis for processing your Personal Information for the purpose described above depends on the nature of the customer support request. Our legal basis can be to satisfy our contractual or legal obligations and/or our legitimate interest to improve our Services.

To conduct surveys or polls, and obtain testimonials
We value your feedback and may send you surveys, polls, or requests for testimonials to improve and optimize our Services. You are in control of the information you would like to share with us. If you do not wish to receive these requests, you can manage them in your Profile.

For individuals located in the Designated Countries: Our legal basis for processing your Personal Information for the purpose described above is based on our legitimate interest. We think it is important to continue improving our Services to ensure your continued enjoyment.

To provide you with marketing communications
By creating a iGM account, you are agreeing that we may send you product and promotional emails or notifications about our, and third party, Services, and offers on new products, services, promotions or contests. You may also opt-in to receiving similar notifications on the website or mobile application(s). You can unsubscribe from receiving these marketing communications at any time. To unsubscribe, click the email footer “unsubscribe” link or go to your Profile to edit your email notification preferences. To opt-out of receiving website and mobile notifications, you may do so within your browser or device settings. Please note, the opt-out process differs between web browsers and mobile devices. You may not opt-out of receiving non-promotional messages regarding your account, such as technical notices, purchase confirmations, or Service-related emails.

4. Information we share with third parties
General service providers.
We share the information described above in Section 2 with our third party service providers, as necessary for them to provide their services to us and help us perform our contract with you. Service providers are third parties (other companies or individuals) that help us to provide, analyze and improve our Services. iGM uses third party service providers to assist in supporting our Services, including in the following areas:

Order fulfillment and shipping. Our payment processor processes certain Registration Information, such as your billing address and credit card information, as necessary to enable you to purchase items from the Service Marketplace.
Member Success support. Our Member Success team uses a number of tools to help organize and manage the requests we receive. These tools help to ensure we provide timely, high quality support.
Cloud compute, transmission, storage, IT, and Security. Our cloud infrastructure providers provide secure compute, transmission and storage of information used to provide and collect data for iGM Services, ensure that our infrastructure can support continued use of our Services by iGM customers, and protect availability of the Service in the event of a natural disaster or other disruption to the Service. Our IT and security providers assist with intrusion detection and prevention measures to stop any potential attacks against our networks. We have these third party experts perform regular penetration tests and periodically audit iGM’s security controls.
Marketing and analytics. When you use our Service, including our website or mobile app(s), our third party service providers may collect Web-Behavior Information about your visit, such as the links you clicked on, the duration of your visit, and the URLs you visited. This information can help us improve site navigability and assess our Marketing campaigns.
NOTE: Our service providers act on iGM’s behalf. We implement procedures and maintain contractual terms with each service provider to protect the confidentiality and security of your information. However, we cannot guarantee the confidentiality and security of your information due to the inherent risks associated with storing and transmitting data electronically.

“Targeted advertising” service providers
We permit third party advertising networks and providers to collect Web-Behavior Information regarding the use of our Services to help us to deliver targeted online advertisements (“ads”) to you. They use cookies and similar technologies, to gather information about your browser’s or device’s visits and usage patterns on our Services and on other websites over time, which helps to better personalize ads to match your interests, and to measure the effectiveness of ad campaigns. For more information about our marketing practices, please review our Cookie Policy.

Aggregate Information
We may share Aggregate Information, which is information that has been stripped of your name and contact information and combined with information of others so that you cannot reasonably be identified as an individual, with third parties. This Information is different from “Individual-level” information and is not Personal Information because it does not identify any particular individual or disclose any particular individual’s data. For example, Aggregate Information may include a statement that “30% of our female users maintain an average of 83% performance again target”,” without providing any data specific to any individual user. In contrast, Individual-level Information or Self-Reported Information consists of data about a single individual’s activities as related to those Activities presented by the Service to the individual, procedures, or other traits/characteristic information and could reveal whether a specific user has a particular condition. iGM will ask for your consent to share Individual-level Information with any third party, other than our service providers as necessary for us to provide the Services to you.

Information we share with commonly owned entities
We may share some or all of your information including, Personal Information, Individual-level and Self-Reported information with other companies under common ownership or control of iGM, which may include our subsidiaries, our corporate parent, or any other subsidiaries owned by our corporate parent in order to provide you better service and improve user experience. We may provide additional notice and ask for your prior consent if we wish to share your Personal Information with our commonly owned entities in a materially different way than discussed in this Privacy Statement.

As required by law
Under certain circumstances your Personal Information may be subject to processing pursuant to laws, regulations, judicial or other government subpoenas, warrants, or orders. For example, we may be required to disclose Personal Information in coordination with regulatory authorities in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. iGM will preserve and disclose any and all information to law enforcement agencies or others if required to do so by law or in the good faith belief that such preservation or disclosure is reasonably necessary to: (a) comply with legal or regulatory process (such as a judicial proceeding, court order, or government inquiry) or obligations that iGM may owe pursuant to ethical and other professional rules, laws, and regulations; (b) enforce the iGM Terms of Service and other policies; (c) respond to claims that any content violates the rights of third parties; or (d) protect the rights, property, or personal safety of iGM, its employees, its users, its clients, and the public.

NOTE: If you are participating in iGM PRO Initiative, iGM will withhold disclosure of your Personal Information involved in such Research in response to judicial or other government subpoenas, warrants or orders in accordance with any applicable Certificate of Confidentiality that iGM may obtain from the National Institutes of Health (NIH).

Business transactions
In the event that iGM goes through a business transition such as a merger, acquisition by another company, or sale of all or a portion of its assets your Personal Information will likely be among the assets transferred. In such a case, your information would remain subject to the promises made in any pre-existing Privacy Statement.

5. Your choices
Access to your account
We provide access to your iGM data within your iGM account. You can access and request your Personal and Indivual-level data by iGM within your Profile. If you lose access to your iGM account or account email address, please contact Member_Success@iGuideMedical.com for assistance. If you lose access to your iGM account, in certain circumstances, we may require that you submit additional information sufficient to verify your identity before providing access or otherwise releasing information to you. If you choose not to submit the required documentation, or the information provided is not sufficient for the purposes sought, iGM will not be able to sufficiently verify your identity in order to complete your request.

You may access, correct or update most of your Registration Information on your own within your Profile. You may also review and update your consent to iGM PRO Initiative in your Profile. Please note that you may not be able to delete User Content that has been shared with others through the Service and that you may not be able to delete information that has been shared with third parties.

Individuals located in Designated Countries should review Section 9. to understand their rights to access Personal Information.

Marketing communications
As noted in Section 3. you may be asked to opt-in to receive product and promotional emails or notifications when creating your iGM account or when using iGM Services. You may view or update your notification preferences for marketing communications by visiting your Profile, opting out at the browser or device level, or by contacting our Member Success team at Member_Success@iGuideMedical.com. You can also click the “unsubscribe” button at the bottom of promotional email communications, as applicable.

Sharing outside of the iGM Services
You may decide to share your Personal Information with friends and/or family members, doctors or other health care professionals, and/or other individuals outside of our Services, including through third party services such as social networks and third party apps that connect to our website and mobile apps through our application programming interface (“API”). These third parties may use your Personal Information differently than we do under this Privacy Statement. Please make such choices carefully and review the privacy statements of all other third parties involved in the transaction. iGM does not endorse or sponsor any third party applications, and does not affirm the accuracy or validity of any interpretations made by third party applications.

In general, it can be difficult to contain or retrieve Personal Information once it has been shared or disclosed. iGM will have no responsibility or liability for any consequences that may result because you have released or shared Personal Information with others. Likewise, if you are reading this because you have access to the Personal Information of a iGM customer through a multi-profile account, we urge you to recognize your responsibility to protect the privacy of each person within that account. Users with multi-profile accounts (i.e., where you have invited other family members access to your account) should use caution in setting profile-level privacy settings.

Account deletion
If you no longer wish to participate in our Services, or no longer wish to have your Personal Information be processed, you may delete your iGM account and Personal Information within your Profile and submitting a request for iGM to delete your account. Once you submit your request, we will send an email to the email address linked to your iGM account to confirm your deletion request. Once you confirm your request to delete your account and data, your account will no longer be accessible while we process your request. Once you confirm your request, this process cannot be cancelled, undone, withdrawn, or reversed. When your account is deleted, all associated Personal Information is deleted subject to the following limitations:

Information previously included in iGM PRO Initiative. As stated in any applicable iGM PRO Initiative Consent Document, Individual-level and/or Self-Reported Information that you have previously provided and for which you have given consent to use in iGM PRO Initiative cannot be removed from completed studies that use that information. Your data will not be included in studies that start more than 30 days after your account is closed (it may take up to 30 days to withdraw your information after your account is closed).
Legal Retention Requirements. iGM will retain limited information related to your account and data deletion request, including but not limited to, your email address, account deletion request identifier, and record of legal agreements for a limited period of time as required by contractual obligations, and/or as necessary for the establishment, exercise or defense of legal claims and for audit and compliance purposes.

6. Security measures
iGM takes seriously the trust you place in us. iGM and iGM third party providers implement physical, technical, and administrative measures to prevent unauthorized access to or disclosure of your information, to maintain data accuracy, to ensure the appropriate use of information, and otherwise safeguard your Personal Information.
iGM produces secure applications by design. iGM incorporates explicit security reviews in the software development lifecycle, quality assurance testing and operational deployment.
De-identification/Pseudonymization. Registration Information is stripped from Sensitive Information, including Self-Reported Information. This data is then assigned a randomly generated ID so an individual cannot reasonably be identified.
Encryption. iGM uses industry standard security measures to encrypt Sensitive Information both at rest and in transit.
Separation of Environments. iGM ensures production, and research environments are separated and access is restricted. Data, including Registration Information and Self-Reported Information are segmented across logical database systems to further prevent re-identifiability.
Limiting access to essential personnel. We limit access to Personal Information to authorized personnel, based on job function and role. iGM access controls include multi-factor authentication, single sign-on, and strict least-privileged authorization policy.
Detecting threats and managing vulnerabilities. iGM and our third party service providers use state of the art intrusion detection and prevention measures to stop any potential attacks against its networks. iGM and our third party service providers employ continuous vulnerability scanning and periodic penetration tests.
Incident Management. iGM maintains a formal incident management program designed to ensure the secure, continuous delivery of its Services. iGM has implemented an incident management program using industry best practices, including guidance from the National Institute of Standards and Technology (NIST).
Managing third party service providers. iGM requires service providers to implement and maintain accepted industry standard administrative, physical and technical safeguards to protect Personal Information.
Your Responsibility. Please recognize that protecting your Personal Information is also your responsibility. We ask you to be responsible for safeguarding your password, secret questions and answers, and other authentication information you use to access our Services. You should not disclose your authentication information to any third party and should immediately notify iGM of any unauthorized use of your password. iGM cannot secure Personal Information that you release on your own or that you request us to release.
Your information collected through the Service may be stored and processed in the United States or any other country in which iGM or its subsidiaries, affiliates or service providers maintain facilities and, therefore, your information may be subject to the laws of those other jurisdictions which may be different from the laws of your country of residence.

7. Children’s privacy
iGM is committed to protecting the privacy of children as well as adults. Neither iGM nor any of its Services are designed for, intended to attract, or directed toward children under the age of 18.

8. Linked websites
The Service may provide links to third party websites operated by organizations not affiliated with iGM. iGM does not disclose your information to organizations operating such linked third party websites. iGM does not review or endorse, and is not responsible for, the privacy practices of these organizations. We encourage you to read the privacy statements of each and every website that you visit. This Privacy Statement applies solely to information collected by iGM and our service providers on our behalf.

9. Information for Customers in Designated Countries
Section 9 only applies to individuals located in the European Economic Area (“EEA”), United Kingdom, or Switzerland (the “Designated Countries”).

Our relationship with you
We are the “controller” with respect to your Personal Information because we determine the means and purposes of processing your information when using our Services.

Legal bases for processing Personal Information from the EU
We describe how we process your Personal Information in Sections 2 through 4 of this Privacy Statement. We may process your Personal Information if you consent to the processing, to satisfy our legal obligations, if it is necessary to carry out our obligations arising from any contracts we entered with you or to take steps at your request prior to entering into a contract with you, or for our legitimate interests to protect our property, rights or safety of iGM, our customers or others.

Direct Marketing
We will obtain your consent where required to send you marketing communications using electronic means. You may withdraw your consent at any time within your Profile or by emailing member_success@iguidemedical.com. We will only contact you by electronic means (email, push notification, SMS, etc.) with information about our Services that are similar to those which were the subject of a previous sale or negotiations of a sale to you.

We will only share your Personal Information with third parties for marketing purposes with your explicit consent. If you do not want us to use your Personal Information in this way, please review and update your Profile as necessary or contact us at Member_Success@iGuideMedical.com. You may raise such objection with regard to initial or further processing for purposes of direct marketing at any time and free of charge. The withdrawal of your consent will not affect the lawfulness of processing based on consent before its withdrawal.
Other marketing activities will happen based on the legitimate interests of iGM. E.g., where we tailor marketing communications or send targeted marketing messages via post, phone or social media and other third party platforms; and in providing existing customers with information (via email or other channels) about similar products and services.

Privacy Rights
You can exercise your privacy rights by following the instructions below or contacting us at Member_Success@iGuideMedical.com. We will handle your request under applicable law. When you make a request, we may verify your identity to protect your privacy and security.

Right to withdraw consent. To the extent iGM requests and you provide your consent to the processing of your Personal Information, you can withdraw your consent at any time. Your withdrawal will not affect the lawfulness of our processing based on consent before your withdrawal.
Right of access to and rectification of your Personal Information. Our site allows you to access and rectify certain Registration Information within your Profile. You can request to receive a copy of your raw Registration information in your Profile. If you would like to access or rectify any other information, you can modify through your Profile page or by contacting us at Member_Success@iGuideMedical.com and we will do our best to assist you without undue delay. We may reject part or all of your request if responding to your request could adversely affect the rights and freedoms of others.
Right to erasure (or, “Right to be Forgotten”). As explained under Section 5 (“Account Deletion”), we allow our customers to delete their accounts at any time. You can request erasure of Personal Information that: (a) is no longer necessary in relation to the purposes for which it was collected or otherwise processed; (b) was collected in relation to processing to which you previously consented, but later withdrew such consent; or (c) was collected in relation to processing activities to which you object, and there are no overriding legitimate grounds for our processing. If we have made your Personal Information public and we are required to erase such Personal Information, we will take reasonable steps, including technical measures, to inform controllers that are processing any links to or copies or replications of your Personal Information of your erasure request. Our assistance with your request for erasure is subject to limitations by relevant data protection laws, available technology and the cost of implementation.
Right to data portability. If we process your Personal Information based on a contract with you or based on your consent, or the processing is carried out by automated means, you may request to receive your Personal Information in a structured, commonly used and machine-readable format, and to have us transfer your Personal Information directly to another controller, where technically feasible, unless exercise of this right adversely affects the rights and freedoms of others. A “controller” is a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of your Personal Information.
Right to restriction of our processing. You can restrict our processing of your Personal Information where one of the following applies: (a) you dispute the accuracy of Personal Information processed by iGM (for a period enabling us to verify its accuracy); (b) the processing is unlawful and you oppose the erasure of the Personal Information and request the restriction of its use instead; (c) iGM no longer needs the Personal Information for the purposes of the processing, but it is required by you for the establishment, exercise or defense of legal claims; and (d) you have objected to certain processing relying on legitimate interest, pending the verification whether iGM’s legitimate grounds override your rights. Restricted Personal Information shall only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest. We will notify you if the restriction is lifted.
Notification of erasure, rectification and restriction. We will provide notice to each recipient that we disclosed your Personal Information to regarding any rectification or erasure of Personal Information or restriction of processing, unless you initiated the disclosure or providing notice proves impossible or involves disproportionate effort. Upon your request, we will share the list of recipients with you.
Right to object to processing. Where the processing of your Personal Information is based on consent, contract, or legitimate interests described under the Legal Bases for Processing heading above, you may restrict or object, at any time, to the processing of your Personal Information as permitted by applicable law. We may continue to process your Personal Information if it is necessary for the defense of legal claims, or for any other exceptions permitted by applicable law.
Automated individual decision-making, including profiling. You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal or similarly significant effects on you, except as allowed under applicable data protection laws.
Retention of your Personal Information. Unless you make a request for us to delete your account or delete certain Personal Information (i.e., User Content, etc.), we will store your Personal Information as long as your account is open. If you request to delete your account, we will take the steps described under “Your Choices – Account Deletion” and delete all your Personal Information, unless a longer retention period is required or permitted by law.
The rights described above may be limited by local laws. Further, your right of access and deletion is not absolute and may not be available if fulfillment of such right would, among other things:
cause interference with execution and enforcement of the law and legal private rights (such as in the case of the investigation or detection of legal claims or the right to a fair trial);
breach or prejudice the rights of confidentiality and security of others;
prejudice security or grievance investigations, corporate re-organizations, future and ongoing negotiations with third parties, the compliance with regulatory requirements relating to economic and financial management; or
otherwise violate the interests of others or where the burden or cost of providing access would be disproportionate.
Complaints
If you believe that we have infringed your rights, we encourage you to contact us so that we can try to address your concerns or dispute informally. Our contact information is:

Global Privacy Officer,
iGuideMedical.com, Inc.,
Privacy-Office@iGuideMedical.com
PO Box 1062
Rye, NH 03870

You also have a right to lodge a complaint with a competent supervisory authority situated in a Member State of your habitual residence, place of work, or place of alleged infringement. You can find the relevant supervisory authority name and contact details here: https://ec.europa.eu/info/law/law-topic/data-protection/reform/what-are-data-protection-authorities-dpas_en.

10. Changes to this Privacy Statement
Whenever this Privacy Statement is changed in a material way, a notice will be posted as part of this Privacy Statement and on our website for 30 days. After 30 days the changes will become effective. In addition, all customers will receive an email with notification of the changes prior to the change becoming effective. iGM may provide additional “just-in-time” disclosures or additional information about the data collection, use and sharing practices of specific Services. Such notices may supplement or clarify iGM’s privacy practices or may provide you with additional choices about how iGM processes your Personal Information.

11. Contact Information
If you have questions about this Privacy Statement, or wish to submit a complaint, please email iGM’s Privacy Administrator at igm_privacy@iguidemedical.com, or send a letter to:

Global Privacy Officer,
iGuideMedical.com, Inc.,
Privacy-Office@iGuideMedical.com
PO Box 1062
Rye, NH 03870