Privacy Policy

Last updated: November 28, 2018

Privacy Policy

Amerihealth Group LLC (“WeHealth,” “we,” “us”) is concerned about privacy issues and wants

you to be familiar with how we collect, use and disclose information. This Privacy Policy

describes our practices in connection with information that we collect through WeHealth mobile

software application (“App”), website located at www.agurgentcare.com, www.wehealth.nyc, and

www.wehealthapp.com (together, “Website”), our Facebook page, our Twitter page, other social

media pages, as well as HTML-formatted email messages that we send to you or receive from you

(collectively, the “Platform”). Please note that the Privacy Policy applies only to our online

information-gathering and dissemination practices in connection with the Platform and does not

apply to any of our practices conducted offline. If you have any questions or comments about the

Privacy Policy or our privacy practices, please contact us by calling 1-888-525-0650 and ask to

speak to the Privacy and Security Officer.

1. Acceptance of terms. Your use of the Platform, signifies that you agree with all the terms of

this Privacy Policy, so please do not use the Platform, if you disagree with any part of this Privacy

Policy.

2. Personal Information. We automatically track certain basic information about our users and

their in-App and Website actions. We use this information to do internal research on our members’

usage patterns, interests and general behavior to better understand and serve you and our

community. We collect information about you and your use of the Platform, which may include

the following (and which may change from time to time):

• your email address;

• your first and last name;

• your gender;

• your date of birth;

• your telephone numbers;

• your address;

• your billing address;

• photos you upload;

• additional information shared by you;

• a password selected by you;

• your credit or debit card information;

3. Protected Health Information. The Health Insurance Portability and Accountability Act of

1996 (HIPAA) is a federal program that requires that all medical records and other individually

identifiable health information used or disclosed by us in any form, whether electronically, on

paper, or orally, are kept properly confidential. This Act gives you significant rights to understand

and control how your health information is used. HIPAA provides penalties for covered entities

that misuse Protected Health Information. Examples of Protected Health Information are:

• demographic information that may identify you;

• social security number;

your past, present or future physical or mental health or condition and related health care

services.

4. Other Information. We may collect information such as:

• images and other information from your device’s camera and photos (with your consent);

• message(s) you send to us;

• information we receive from other sources, such as public databases as well as from other

third parties;

• your location;

• information we receive from other members or third parties about your activities or

posting(s) on the Platform.

5. App and Website analytics partner. We currently contract with online partners to help manage

and optimize our business and communications. We use the services of App and Website analytics

partners to help us measure the effectiveness of our advertising, and how visitors use the App and

Website.

6. Use of Personal Information. We use the information we collect about you:

• To respond to your inquiries and fulfill your requests;

• To keep a record of your contact information and correspondence, and use it to respond to

you, if you contact us through the Platform;

• To send administrative information, for example, information regarding the Platform and

changes to our terms, conditions, and policies;

• For our business purposes, such as data analysis, audits, fraud monitoring and prevention,

enhancing, improving or modifying our Platform, identifying usage trends, determining

the effectiveness of our promotional campaigns and operating and expanding our business

activities;

• As we believe to be necessary or appropriate: (a) under applicable law, including laws

outside your country of residence; (b) to comply with legal process; (c) to respond to

requests from public and government authorities including public and government

authorities outside your country of residence; (d) to enforce Terms of Use; (e) to protect

our operations or those of any of our affiliates; (f) to protect our rights, privacy, safety or

property, and/or that of our affiliates, you or others; and (g) to allow us to pursue available

remedies or limit the damages that we may sustain;

• To create a better, more personalized experience for you based on your individual usage

habits, improve our marketing and promotional efforts, analyze App and Website usage,

and customize our App’s and Website’s content and layout in order to better meet your

needs;

• To use for promotional, sales or any use that we consider appropriate, your correspondence

with us, or photographs submitted for publication in the App or Website.

7. Disclosure of Personal Information. We may disclose the information we collect about you:

• To our affiliates and partners for purposes described in this Privacy Policy, consistent with

our goal of providing the highest level of service;

• To our third-party service providers that provide services such as App and Website

hosting, Platform-related consulting and monitoring, data analysis, information

technology and related infrastructure, customer service, email delivery, auditing and other

similar services;

• Posted by you on the Platform or provided by you through registration process;

• To a third party (whether affiliated or unaffiliated with us) in the event of any

reorganization, merger, sale, joint venture, conveyance, assignment, transfer or other

disposition of all or any portion of our business, assets or interests (including in connection

with any bankruptcy or similar proceedings);

• As we believe to be necessary or appropriate: (a) under applicable law, including laws

outside your country of residence; (b) to comply with legal process; (c) to respond to

requests from public and government authorities including public and government

authorities outside your country of residence; (d) to enforce Terms of Use; (e) to protect

our operations or those of any of our affiliates; (f) to protect our rights, privacy, safety or

property, and/or that of our affiliates, you or others; (g) to allow us to pursue available

remedies or limit the damages that we may sustain; and (h) respond to claims that any

posting or other content of our Website violates the rights of third parties, including

without limitation providing information necessary to satisfy the notice and counter-notice

procedures pursuant to the Digital Millennium Copyright Act. You authorize us to disclose

any information about you to law enforcement or other government officials as we, in our

sole discretion, believe necessary or appropriate, in connection with an investigation of

fraud, intellectual property infringements, or other activity that is illegal or may expose us

or you to legal liability. Without your affirmative consent, we do not sell, rent or otherwise

share your personally identifiable information with other third parties, unless otherwise

required as described above.

8. Collection of Personal Information and Other Information. We and our third-party service

providers may collect information about you in a variety of ways, including:

• Through your browser or device: certain information is collected by most browsers or

automatically through your device, such as your Media Access Control (MAC) address,

computer type, screen resolution, operating system name and version, device manufacturer

and model, language, Internet browser type and version and the name and version of the

Platform (such as the App) you are using. We use this information to ensure that the

Platform function properly;

• Using cookies: cookies are pieces of information stored directly on the device that you

are using. We may use cookies in connection with the Platform;

• Using pixel tags and other similar technologies: Pixel tags (also known as web beacons

and clear GIFs) may be used in connection with the Platform to, among other things, track

the actions of users of the Platform (including email recipients), measure the success of

our marketing campaigns and compile statistics about usage of the Platform and response

rates;

• IP Address: your “IP Address” is a number that is automatically assigned to the device

that you are using by your Internet Service Provider (“ISP”). An IP Address may be

identified and logged automatically in our server log files whenever a user accesses the

Platform, along with the time of the visit and the page(s) that were visited. Collecting IP

Addresses is standard practice and is done automatically by many websites and

applications. We use IP Address for purposes such as calculating usage levels of the

Platform, helping diagnose server problems, and administering the Platform;

• From you: information, such as your location, as well as other information, such as your

preferred means of communication, is collected when you voluntarily provide this

information. Unless combined with Personal Information, this information does not

personally identify you or any other user of the Platform;

• By aggregating information: aggregated Personal Information does not personally

identify you or any other user of the Platform.

9. Use and Disclosure of Protected Health Information. We may use and disclose your

Protected Health Information in the following ways:

For purposes of treatment, payment, and healthcare operations. For example:

o We may disclose your protected health information to another physician or

healthcare provider for purposes of a visit or in connection with the provision of

follow-up treatment;

o We may use and disclose your protected health information to your health insurer

or health plan in connection with the processing and payment of claims and other

charges;

o We may use and disclose your protected health information in connection with its

healthcare operations, such as providing customer services and conducting quality

review assessments. We may engage third parties to provide various services for

us. If any such third party must have access to your protected health information in

order to perform its services, we will require that third party to enter an agreement

that binds the third party to the use and disclosure restrictions outlined in this

Notice;

Upon your written authorization, to the extent such use or disclosure is consistent with your

authorization. You may revoke any such authorization at any time;

To the extent required by law;

Under the following unique circumstances:

o To public health authorities or other governmental authorities for purposes

including preventing and controlling disease, reporting child abuse or neglect,

reporting domestic violence and reporting to the Food and Drug Administration

regarding the quality, safety and effectiveness of a regulated product or activity.

We may, in certain circumstances disclose protected health information to persons

who have been exposed to a communicable disease or may otherwise be at risk of

contracting or spreading a disease or condition;

o As authorized by, and to the extent necessary to comply with, workers’

compensation programs and other similar programs relating to work-related

illnesses or injuries;

o To a health oversight agency for authorized activities such as audits, investigations,

inspections, licensing and disciplinary actions relating to the healthcare system or

government benefit programs;

o As permitted by applicable law, in response to an order from a court or

administrative agency, or in response to a subpoena or discovery request;

o To a law enforcement official, such as for purposes of identifying or locating a

suspect, fugitive, material witness, or missing person;

o To coroners, medical examiners, and funeral directors for purposes such as

identification, determining the cause of death and fulfilling duties relating to

decedents;

o For the purposes of organ donation and transplantation;

o For research purposes;

o If necessary to prevent or lessen a serious and imminent threat to the health or safety

of a person or the public;

o Of persons who are, or were, in the Armed Forces for purposes such as ensuring

proper execution of a military mission or determining entitlement to benefits;

o To federal officials for intelligence and national security purposes.

10. Your Rights Regarding Your Protected Health Information. You have the following rights

regarding the Protected Health Information maintained by us:

• Confidential Communication. You have a right to receive confidential communications

of your Protected Health Information. You may request that we communicate with you

through alternate means or at an alternate location, and we will accommodate your

reasonable requests. You must submit your request in writing to us;

• Restrictions. You have a right to request restrictions on certain uses and disclosures of

Protected Health Information for treatment, payment, or healthcare operations. You also

have a right to request that we restrict disclosures of Protected Health Information to only

certain individuals involved in your care or the payment of your care. You must submit

your request in writing to us. We are not required to comply with your request. However,

if we agree to comply with your request, we will be bound by such agreement, except when

otherwise required by law or in the event of an emergency;

• Inspection and Copies. You have a right to inspect and copy your Protected Health

Information. You must submit your request in writing to us. We may impose a fee for the

costs of copying, mailing, labor, and supplies associated with your request. We may deny

your request to inspect and/or copy your protected health information in certain limited

circumstances. If that occurs, we will inform you of the reason for the denial, and you may

request a review of the denial.

• Amendment. You have a right to request that we amend your Protected Health

Information if you believe it is incorrect or incomplete, and you may request an amendment

for as long as the information is maintained by us. You must submit your request in writing

to us and provide a reason to support the requested amendment. We may, under certain

circumstances, deny your request by sending you a written notice of denial. If we deny

your request, you will be permitted to submit a statement of disagreement for inclusion in

your records.

• Accounting of Disclosures. You have a right to receive an accounting of all disclosures

we have made of your Protected Health Information. However, that right does not include

disclosures made for treatment, payment, or healthcare operations, disclosures made to you

about your treatment, disclosures made pursuant to an authorization, and certain other

disclosures. You must submit your request in writing to us and you must specify the time

period involved (which must be for a period of time less than six years from the date of the

disclosure). Your first accounting will be free of charge. However, we may charge you for

the costs involved in fulfilling any additional request made within a period of 12 months.

We will inform you of such costs in advance, so that you may withdraw or modify your

request to save costs.

• Breach Notification. You have a right to be notified in the event that we discover a breach

of Protected Health Information.

If you would like to obtain further information on how we may process your Protected Health

Information or would like to make a formal complaint, please contact us at WeHealth, Attn:

Compliance Officer, 2071 Flatbush Ave, Brooklyn, NY 11234. Moreover, you have a right to file

a complaint with the U.S. Department of Health and Human Services.

11. Use and Disclosure of Other Information. Please note that we may use and disclose Other

Information for any purpose, except where we are required to do otherwise under applicable

law. If we are required to treat Other Information as Personal Information under applicable law,

then we may use it as described in this Privacy Policy, as well as for all the purposes for which we

use and disclose Personal Information. In some instances, we may combine Personal Information

and Other Information (such as combining your name with your geographical location). If we

combine any Personal Information and Other Information, the combined information will be

treated by us as Personal Information as long as it is combined.

12. Third party services. This Privacy Policy does not address, and we are not responsible for,

the privacy, information or other practices of any third parties, including any third party operating

any website, application or service to which the Platform may link. The inclusion of a link on the

Platform does not imply endorsement of the linked site, application, or service by us or by our

affiliates. Please note that we are not responsible for the collection, usage, and disclosure policies

and practices (including the data security practices) of other organizations, such as any application,

social media platform, or wireless service provider, including any personal information you

disclose to other organizations through or in connection with the Platform.

13. Security. We seek to use reasonable organizational, technical, and administrative measures to

protect Personal Information within our organization. Unfortunately, no data transmission or

storage system can be guaranteed to be 100% secure. If you have reason to believe that your

interaction with us is no longer secure (for example, if you feel that the security of any account

you might have with us has been compromised), please immediately notify us of the problem by

contacting us in accordance with this Privacy Policy.

14. Your choice regarding our use of your Personal Information for marketing purposes. If

you no longer want to receive marketing-related emails from us on a going-forward basis, you may

opt-out from receiving these marketing-related emails by contacting us by sending us a written

request. We will try to comply with your request(s) as soon as reasonably practicable. Please note

that if you do opt-out of receiving marketing-related emails from us, we may still send you

important administrative messages, and you cannot opt-out from receiving administrative

messages.

15. How you can change or suppress your Personal Information. You may request to correct,

update, suppress, or otherwise modify any of your Personal Information that you have previously

provided to us through the Platform, or object to the use or processing of such Personal Information

by us. In your request, please make clear what Personal Information you would like to have

changed, whether you would like to have your Personal Information that you have provided to us

suppressed from our database or otherwise let us know what limitations you want to place upon

your Personal Information which you have provided to us. For your protection, we may only

implement requests with respect to the Personal Information associated with the particular email

address that you use to send us your request, and we may need to verify your identity before

implementing your request. We will try to comply with your request as soon as reasonably

possible. Please note that we may need to retain certain information for recordkeeping purposes,

and there may also be residual information that will remain within our databases and other records,

which will not be removed.

16. Retention period. We will retain your Personal Information for the period necessary to fulfill

the purposes outlined in this Privacy Policy, unless a longer retention period is required or

permitted by law. We will retain in our files information you may have requested us to remove if,

in our discretion, retention of the information is necessary to resolve disputes, troubleshoot

problems or to enforce the Terms of Use Agreement. Furthermore, your information is never

completely removed from our databases due to technical and legal constraints (for example, we

will not remove your information from our back up storage).

17. Use of electronic communication by minors. The Platform is not directed to individuals

under the age of eighteen (18) (“minors”), and we request that these individuals not provide

Personal Information through the Platform. However, a parent or legal guardian of a minor may

provide such minor’s Personal Information on his or her behalf to enable the Platform to provide

its services to the minor.

18. Cross-border transfer. The Platform is controlled and operated by us from the United States

and are not intended to subject us to the laws or jurisdiction of any state, country, or territory other

than that of the United States. Your Personal Information may be stored and processed in any

country where we have facilities or in which we engage service providers, and by using the

Platform you consent to the transfer of information to countries outside of your country of

residence, including the United States, which may have different data protection rules than those

of your country.

19. GDPR disclaimer. The Platform is not intended to be used by individuals residing in the

European Union, is not advertised or directed towards individuals residing in the European Union,

and is not hosted on websites, platforms, or is using technology or similar that is located or

operated inside the European Union. The provisions contained in this Privacy Policy may or may

not be compliant with European Union law, including its General Data Protection Regulation

(“GDPR”), or affiliated or similar laws. However, we make good faith efforts to comply with

GDPR, and to that end we provide the following “GDPR Statement”:

If our Privacy Policy is subject to GDPR, then the following applies:

(a) At WeHealth, we recognize the sensitive nature of the personal data we

collect and the importance of protecting it. The GDPR requires us to obtain consent from European

Union (“EU”) residents before using their data in any way. It also entitles them to access their data

and ask for it to be removed and forgotten from any databases on request.

(b) Below is a list of privileges and how you can exercise these privileges and

rights included with GDPR.

(c) You have a right to consent to how WeHealth uses your data. Below is a list

of the data points we collect and how they are used. We never abuse your information. Along with

consenting, you also have the right to withdraw your consent.

(d) We collect data, including:

• First Name – used as a contact point reference

• Last Name – used as a contact point reference

• Email Address – used as a contact point

• Phone Number – used as a contact point

• Interest – used to track the brand(s) you’re interested in

• Source – used to track how you found WeHealth

• Other Text Field Box – collects any information you wish to provide

us

(e) Your data is used for marketing emails and marketing promotions such as

newsletters, informational updates about WeHealth, and invitations to special events, webinars,

and conferences.

(f) Your data is stored for an indefinite matter of time if you don’t notify

WeHealth via the below methods to remove it. In the case that WeHealth tries to contact you and

your email address and/ or phone number are no longer viable, your information will be declared

inactive and WeHealth will not continue to attempt contact. If your contact information is updated

with viable information, our records will be declared active as long as you haven’t exercised your

right to revoke consent or be forgotten.

(g) Under GDPR you have the right to ask for all the data collected on you.

Your data is stored in a secure database. It will take up to 72 hours to retrieve and send you

collected data. The data will be provided in the form on a spreadsheet and sent via personal email.

(h) Your right to be forgotten refers to your right to have your information

wiped from our database. If you wish for your information to be removed please call us at 1-800-

WeHealth and we’ll confirm your information is removed via email within 72 hours.

(i) If you wish to submit a formal complaint against how your data is being

used, collected, or stored by WeHealth, call us at 1-800-WeHealth.

(j) If you’ve consented to receive messages from us and need to revoke that

consent, please contact us at 1-800-WeHealth and we’ll update our records and ensure your data

is not stored. We’ll confirm your withdrawal via email within 72 hours.

20. Sensitive information. Please do not send us, and do not disclose, any sensitive Personal

Information (e.g., Social Security numbers, information related to racial or ethnic origin, political

opinions, religion or other beliefs, criminal background, or trade union membership) on or through

the Platform or otherwise to us.

21. Updates to this privacy policy. We may change this Privacy Policy. Please take a look at the

“Last Updated” legend at the top of this Privacy Policy to see when this Privacy Policy was last

revised. Any changes to this Privacy Policy will become effective when we post the revised

Privacy Policy in the App or on the Website. Your use of the Platform after those changes means

that you accept the revised Privacy Policy.

22. Paper Copy. You have a right to obtain a paper copy of this Privacy Policy. To obtain a paper

copy of this Privacy Policy, please contact us by calling 1-800-WeHealth.

23. Dispute Resolution. Any dispute, claim or controversy arising out of or relating to this Privacy

Policy or previous Privacy Policy statements shall be resolved through negotiation, mediation and

arbitration as provided under our Terms of Use Agreement.

24. ADA Compliance, Disabilities, Accessibility. WeHealth attempts to make its information

accessible to all individuals. If you use special adaptive equipment and encounter problems when

using our Platform, please report them using the following contact information: 1-800-WeHealth.

We will let you know if the information is available in an alternate format. We strive to meet World

Wide Web Consortium (W3C) Recommendations and other web industry standards, specifically

conforming to HTML 5, CSS Level 3, WAI-ARIA, and the U.S. Access Board’s Section 508

guidelines.

WeHealth is committed to making its Platform available to as many people as possible and

makes every effort to ensure its communications are accessible to those with special needs,

including those with visual, hearing, cognitive and motor impairments.

If you come across a page you find difficult to use, please contact us at 1-800-WeHealth.

25. Violation of Privacy Rights. You may notify us and the Secretary of the Department of Health

and Human Services if you believe that your privacy rights have been violated. To file a complaint

with us, you must submit a statement in writing to WeHealth, Attn: Compliance Officer, 2071

Flatbush Ave, Brooklyn NY 11234. WeHealth will not retaliate against you for filing a complaint.

26. Contacting us. If you have any questions about this Privacy Policy, please contact us by calling

1-800-WeHealth and ask to speak to the Privacy and Security Officer. To the extent you are

required to send a written request to us to exercise any right described in this Notice, you must

submit your request to WeHealth, Attn: Compliance Officer, 2071 Flatbush Ave, Brooklyn, NY

11234.

All materials © 2018 WeHealth unless otherwise noted. All rights reserved.