PRIVILEGED & CONFIDENTIAL

EFFECTIVE DATE: April 14, 2021

TunedCare, Inc. (“TunedCare”, “we”, “us” or “our”) values your privacy. In this Privacy Policy (“Policy”), we describe how we collect, use, and disclose information that we obtain about visitors to our website at www.tunedcare.com (the “Site”) and users of the services available through our Site (collectively, the “Services”), and how we use and disclose that information. By visiting the Site, or using any of our Services, you agree that your personal information will be handled as described in this Policy. Your use of our Site or Services, and any dispute over privacy, is subject to this Policy and the Terms of Use, including its applicable limitations on damages and provisions for the resolution of disputes. For the purposes of this Policy, personal information is information that identifies, relates to, or can be used to identify you, as well as information that is protected as personal information under applicable laws.

The Information We Collect About You

We collect information about you directly from you and from third parties, as well as automatically through your use of our Site or Services.

Information We Collect Directly From You. You may browse certain areas of the Site without registering with us or providing us personal information. If you register for our Services as a customer, then you must provide your name, email and zipcode. If you register for our Services as an audiologist, we collect your name, email, phone, address, state in which you are licensed, and payment information (credit card information) that is processed by our third-party credit card processor which complies with the Payment Card Industry Data Security Standard (PCI-DSS).

In addition, if you use our Services to make a purchase, you may be asked to provide payment, billing and shipping information from you, including credit card information and billing and shipping addresses. Credit cards are processed by our third-party credit card processor which complies with PCI-DSS. Billing and shipping information may be shared with third-party vendors that we retain to ship any products you order from us.

Our Services include the ability to take hearing assessments to assist you in identifying products you may want to purchase. Our Services also include the ability for you to connect with an audiologist to share your assessments and discuss your hearing needs. Audiologists may collect information on your medical status and upload diagnostics to the Services. We do not store or maintain such information that you may share with your audiologist. Such information will be subject to the HIPAA -Notice of Privacy Practices set forth below.

In addition, if you are providing personal information for third parties in connection with using our Services, you are responsible for ensuring that you have all required permissions and consents to provide such personal information to us for use in connection with the Services and that our use of such personal information to provide the Services does not violate any applicable law, rule, regulation or order.

Information We Collect Automatically. We may automatically collect the following information about your use of our Site or Services through cookies and other technologies: your domain name; your browser type and operating system; web pages you view; links you click; your IP address; the length of time you visit our Site or use our Services; and the referring URL, or the webpage that led you to our Site. We may combine this information with other information that we have collected about you, including, where applicable, your user name, name, and other personal information. Please see the section “Our Use of Cookies and Other Tracking Mechanisms” below for more information

How We Use Your Information

We use your information, including personal information, for the following purposes:

• Provide Our Services

We use your information to communicate with you about your use of our Site and Services, to provide our Sites and Services (such as hearing assessments), to respond to your inquiries, to fulfill your orders, and for other customer service purposes.

• Provide Personalized Services

We use your information to tailor the content and information that we may send or display to you, to offer location customization and personalized help and instructions, and to otherwise personalize your experiences while using the Site and Services.

• Improve and Develop Our Services

We use your information to ensure our Site and Services are working as intended, to better understand how users access and use our Site and Services, both on an aggregated and individualized basis, to make improvements to our services, to develop new Services, and for other research and analytical purposes.

• Offer Promotions

We use your information for marketing and promotional purposes. For example, we may use your information, such as your email address, to send you news and newsletters, special offers, and promotions, or to otherwise contact you about products or information we think may interest you. We also may use the information that we learn about you to assist us in advertising our Services on third-party websites.

• Comply With Legal Obligations, Prevent Fraud, and Protect Rights or Property

We use your information as necessary to comply with our legal obligations, respond to law enforcement inquiries, comply with legal process (e.g., warrant, subpoena, civil discovery or investigative demand), to enforce or defend legal claims, prevent fraud and protect the security of our systems, prevent injury or damage, and protect our rights or property or the rights or property of others.

How We Share Your Information

We may share your information, including personal information, as follows:

Consent. Where you have provided consent, we share your information, including personal information, as described at the time of consent, such as when you authorize a third-party application or website to access your TunedCare account or when you participate in promotional activities conducted by TunedCare partners or third parties. For example, we request your consent to send you email communications about products and Services available through our Site. You can withdraw your consent at any item by contacting us at support@tunedcare.com.

Vendors. Our Site and Services allow users to make purchases of various hearing-related products. We share certain shipping and billing information with the vendors of such products so that they can fulfill your order.

Audiologists. Our Site and Services may allow you to connect and communicate directly with audiologists. Information that is provided to audiologists is subject to our HIPAA Notice set forth below.

Affiliates. We may disclose the information we collect from you to our affiliates or subsidiaries solely for the purpose of providing Services to you; however, if we do so, their use and disclosure of your personally identifiable information will be maintained by such affiliates and subsidiaries in accordance with this Policy.

Service Providers. We may disclose the information we collect from you to third-party vendors, service providers, contractors or agents who perform functions on our behalf.

Business Transfers. If we are acquired by or merged with another company, if substantially all of our assets are transferred to another entity in connection with a transaction or as part of a bankruptcy proceeding, or are in negotiations for any of these types of transactions, we may transfer the information we have collected from you to the other company or entity.

In Response to Legal Process. We also may disclose the information we collect from you in order to comply with the law, a judicial proceeding, court order, or other legal process, such as in response to a subpoena.

To Protect Us and Others. We also may disclose the information we collect from you where we believe it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person, violations of our Terms of Use or this Policy, or as evidence in litigation in which we are involved.

Aggregate and De-Identified Information. We may share aggregate or de-identified information about users and their use of the Services with third parties and publicly for marketing, advertising, research or similar purposes.

Please note that except as noted above, we will not sell or share your personal information with any third party for their direct marketing purposes without your consent.

Our Use of Cookies and Other Tracking Mechanisms

We and our service providers use cookies and other tracking mechanisms to track information about your use of our Site and Services. We may combine this information with other personal information we collect from you (and our third-party service providers may do so on our behalf).

Currently, our systems do not recognize browser “do-not-track” requests. You may, however, disable certain tracking as discussed in this section (e.g., by disabling cookies), but such disabling will impair use of the Site and Services.

Cookies. Cookies are alphanumeric identifiers that we transfer to your computer’s hard drive through your web browser for record-keeping purposes. Some cookies allow us to make it easier for you to navigate our Site and Services, while others are used to enable a faster log-in process or to allow us to track your activities at our Site and Services. There are two types of cookies: session and persistent cookies.

Session Cookies. Session cookies exist only during an online session. They disappear from your computer when you close your browser or turn off your computer. We use session cookies to allow our systems to uniquely identify you during a session or while you are logged into the Site. This allows us to process your online transactions and requests and verify your identity, after you have logged in, as you move through our Site. Examples of session cookies include session_id and _secure_session_id, which are unique tokens that allow our third-party ecommerce provider, Shopify, to store information about your session.

Persistent Cookies. Persistent cookies remain on your computer after you have closed your browser or turned off your computer. We use persistent cookies to track aggregate and statistical information about user activity. Examples of persistent cookies include _shopify_visit, which is used by our website provider’s internal stats tracker to record the number of visits; _shopify_uniq, which counts the number of visits to a store by a single customer; cart, which is a unique token that stores information about the contents of your cart; and storefront_digest, which is a unique token used to determine if a TunedCare user is permitted to have access to an account. Some of these persistent cookies expire after a certain period of time, others remain on your computer indefinitely.

Disabling Cookies. Most web browsers automatically accept cookies, but if you prefer, you can edit your browser options to block them in the future. The Help portion of the toolbar on most browsers will tell you how to prevent your computer from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether. Visitors to our Site who disable cookies will not be able to browse certain areas of the Site or use the Services.

Third Party Analytics. We use automated devices and applications, such as Google Analytics, to evaluate usage of our Site and our Services. We also may use other analytic means to evaluate our Services. We use these tools to help us improve our Services, performance and user experiences. These entities may use cookies and other tracking technologies to perform their services. We do not share your personal information with these third parties.

Third-Party Links.

Our Site and Services may contain links to third-party websites. Any access to and use of such linked websites is not governed by this Policy, but instead is governed by the privacy policies of those third-party websites. We are not responsible for the information practices of such third-party websites.

Security of My Personal Information

We have implemented commercially reasonable precautions to protect the information we collect from loss, misuse and unauthorized access, disclosure, alteration, and destruction. Please be aware that despite our efforts, no data security measures can guarantee 100% security. You should take steps to protect against unauthorized access to your password, phone, and computer by, among other things, signing off after using a shared computer, choosing a robust password that nobody else knows or can easily guess, and keeping your log-in and password private. We are not responsible for any lost, stolen, or compromised passwords or for any activity on your account via unauthorized password activity. websites.

Do You Sell My Personal Information?

We do not sell your personal information for monetary or other valuable consideration, as such terms are defined under California and Nevada law. However, if you want to opt-out of any sales, you may contact us at support@tunedcare.com.

What Rights Do I Have Regarding My Personal Information?

You may request access to, a copy of, and the modification or deletion of personal information that you have submitted to us by contacting us at support@tunedcare.com. We will use reasonable efforts to accommodate such requests to the extent required by law, provided that we may be required to retain personal information to comply with legal obligations, accounting requirements, or for other business purposes. We may request additional information to verify the identity of the requesting party before responding to a request. Please note that copies of information that you have updated, modified or deleted may remain viewable in cached and archived pages of the Site for a period of time.

What Choices Do I Have Regarding Use of My Personal Information for Marketing?

We may send periodic promotional or informational emails to you. You may opt-out of such communications by following the opt-out instructions contained in the email. Please note that it may take up to 10 business days for us to process opt-out requests. If you opt-out of receiving emails about recommendations or other information we think may interest you, we may still send you emails about your account or any Services you have requested or received from us.

Location of Information

Our Site and Services are offered from the United States and are solely for use within the United States at this time. We store any information we collect in the United States. If you access the Services or Site from outside the United States, you agree to the transfer of your information to the United States, which may have less protections for your personal information than your jurisdiction of residence.

Children Under 13

Our Site and Services are not designed for children under 13. If we discover that a child under 13 has provided us with personal information, we will delete such information from our systems.

Contact Us

If you have questions about the privacy aspects of our Site or Services or would like to make a complaint, please contact us at support@tunedcare.com.

Changes to This Policy

This Policy is current as of the Effective Date set forth above. We may change this Policy from time to time, so please be sure to check back periodically. We will post any changes to this Policy on the Site. If we make any changes to this Policy that materially affect our practices with regard to the personal information we have previously collected from you, we will endeavor to provide you with notice in advance of such change by highlighting the change on our Site or, if you have an account with us, providing notice to the email address in your account (for this reason you should make sure to update your account information promptly if it changes).

HIPAA - Notice of Privacy PracticesThis HIPAA- Notice of Privacy Practices (“Notice”) describes how we and the audiologists that use our Services may use and disclose your protected health information (“PHI”) to carry out treatment, payment, and health care operations and for other purposes that are permitted or required by law. This Notice also describes your rights and our duties with respect to your PHI. You have a right to receive a paper copy of this Notice.

PHI for purposes of this Notice, is generally any information that identifies you and is created, received, maintained, or transmitted by audiologists using the Services in the course of providing their consultation and advice to you.

We are required by the Health Insurance Portability and Accountability Act, as amended (“HIPAA”) and other applicable laws to maintain the privacy of PHI, to provide notice of our and the audiologist’s legal duties and privacy practices, and to notify affected individuals following a breach of unsecured PHI.

We reserve the right to change this Notice and make the new Notice apply to PHI we already have as well as any information we receive in the future. This Notice applies to the audiologists for whom we provide the Services to connect with you. For purposes of this Notice, “we”, “us” and “our” refers to both TunedCare and the audiologists using the Services.

A. Uses and Disclosures of Your Protected Health Information

The following categories describe the different ways in which we may use and disclose your PHI

1. Treatment. We may use your PHI to assess your hearing needs and properly identify the type of hearing product that best suits you and to address your hearing needs and treatment options. Additionally, we may disclose your PHI to others who may assist in your care, such as your spouse, children or parents. Finally, we may also disclose your PHI to other health care providers for purposes related to your care.
2. Payment. We may use and disclose your PHI in order to bill and collect payment for the services and items you may receive from us. For example, if applicable, we may contact your health insurer to certify that you are eligible for benefits (and for what range of benefits), and we may provide your insurer with details regarding your treatment to determine if your insurer will cover, or pay for, your treatment. We also may use and disclose your PHI to obtain payment from third parties that may be responsible for such costs, such as family members. Also, we may use your PHI to bill you directly for services and items. We may disclose your PHI to other health care providers and entities to assist in their billing and collection efforts.
3. Health Care Operations. We may use and disclose your PHI to operate our business. As examples of the ways in which we may use and disclose your information for our operations, our business may use your PHI to evaluate the quality of care you received from us, or to conduct cost-management and business planning activities for our practice. We may disclose your PHI to other health care providers and entities to assist in their health care operations.
4. Appointments and Health-Related Benefits and Services. We may contact you to schedule and provide appointment updates. We may use and disclose your PHI to inform you of health-related benefits or services that may be of interest to you. You also have the right to request that we not send you any future marketing materials, and we will use our best efforts to honor such request.
5. Individuals Involved in Your Care. We may, from time to time, disclose PHI to designated family, friends and others who are involved in your care or in payment of your care in order to facilitate that person’s involvement in caring for you or paying for your care. If you are unavailable, incapacitated, or facing an emergency medical situation and we determine that a limited disclosure may be in your best interest, we may share limited PHI with such individuals without your approval. We may also disclose limited PHI to a public or private entity that is authorized to assist in disaster-relief efforts in order for that entity to locate a family member or other persons that may be involved in some aspect of caring for you.
6. Business Associates. Certain aspects and components of our Services are performed through contracts with outside persons or organizations, such as video conference providers, auditing, accreditation, outcomes data collection, legal services, etc. At times, it may be necessary for us to provide your PHI to one or more of these outside persons or organizations who assist us with our health care operations. In all cases, we require these associates to appropriately safeguard the privacy of your information.
7. Disclosures Required by Law. We will use and disclose your PHI when we are required to do so by federal, state or local law.
8. Public Health Risks. Our business may disclose your PHI to public health authorities that are authorized by law to collect information for the purpose of:
   • Reporting problems with products.
   • Notifying individuals if a product they may be using has been recalled.
9. Health Oversight Activities. We may disclose your PHI to a health oversight agency for activities authorized by law. Oversight activities can include, for example, investigations, inspections, audits, surveys, licensure and disciplinary actions; civil, administrative and criminal procedures or actions; or other activities necessary for the government to monitor government programs, compliance with civil rights laws and the health care system in general.
10. Lawsuits and Similar Proceedings. We may use and disclose your PHI in response to a court or administrative order, if you are involved in a lawsuit or similar proceeding. We also may disclose your PHI in response to a discovery request, subpoena, or other lawful process by another party involved in the dispute, but only if we have made an effort to inform you of the request or to obtain an order protecting the information the party has requested.
11. Law Enforcement. We may release PHI if asked to do so by a law enforcement official:
    • Regarding a crime victim in certain situations, if we are unable to obtain the person’s agreement.
    • Concerning a death we believe has resulted from criminal conduct.
    • In response to a warrant, summons, court order, subpoena or similar legal process.
    • To identify or locate a suspect, material witness, fugitive or missing person.
    • In an emergency, to report a crime (including the location or victim(s) of the crime, or the description, identity or location of the perpetrator).
12. Workers’ Compensation. We may release your PHI for workers’ compensation and similar programs.

B. Your Rights Regarding Your PHI

You have the following rights regarding the PHI that we maintain about you:

1. Access to Your Protected Health Information. You have the right to copy and/or inspect much of the PHI that we retain on your behalf. For PHI that we maintain in any electronic designated record set, you may request a copy of such PHI in a reasonable electronic format, if readily producible. Requests for access must be made in writing and signed by you or your legal representative. You may obtain an Access Request Form by emailing us at info@tunedcare.com.
2. Amendments to Your Protected Health Information. You have the right to request in writing that PHI that we maintain about you be amended or corrected. We are not obligated to make requested amendments, but we will give each request careful consideration. All amendment requests must be in writing, signed by you or legal representative, and must state the reasons for the amendment/correction request. If an amendment or correction request is made, we may notify others who work with us if we believe that such notification is necessary. You may obtain an Amendment Request Form by emailing us at [insert email.]
3. Requesting Restrictions. You have the right to request a restriction in our use or disclosure of your PHI for treatment, payment or health care operations. Additionally, you have the right to request that we restrict our disclosure of your PHI to only certain individuals involved in your care or the payment for your care, such as family members and friends. We are not required to agree to your request; however, if we do agree, we are bound by our agreement except when otherwise required by law, in emergencies or when the information is necessary to treat you. In order to request a restriction in our use or disclosure of your PHI, you must make your request in writing to TunedCare at info@tunedcare.com. Your request must describe in a clear and concise fashion: (a) the information you wish restricted, (b) whether you are requesting to limit our business’s use, disclosure or both, and (c) to whom you want the limits to apply
4. Accounting of Disclosures. All of our customers have the right to request an “accounting of disclosures.” An “accounting of disclosures” is a list of certain non-routine disclosures our practice has made of your PHI for purposes not related to treatment, payment or operations. Use of your PHI as part of the routine business practices of our company is not required to be documented – for example, the billing department using your information to file your insurance claim. In order to obtain an accounting of disclosures, you must submit your request in writing to us at info@tunedcare.com. All requests for an “accounting of disclosures” must state a time period, which may not be longer than six (6) years from the date of disclosure. The first list you request within a 12-month period is free of charge, but our practice may charge you for additional lists within the same 12-month period. Our practice will notify you of the costs involved with additional requests, and you may withdraw your request before you incur any costs.
5. Right to a Paper Copy of This Notice. You are entitled to receive a paper copy of our notice of privacy practices. You may ask us to give you a copy of this notice at any time. To obtain a paper copy of this notice, contact us at info@tunedcare.com.
6. Right to File a Complaint. If you believe your privacy rights have been violated, you may file a complaint with the Secretary of the Department of Health and Human Services. To file a complaint with our practice, contact us at [insert email.] All complaints must be submitted in writing. You will not be penalized for filing a complaint.
7. Right to Provide an Authorization for Other Uses and Disclosures. We will obtain your written authorization for uses and disclosures that are not identified by this Notice or permitted by applicable law. Any authorization you provide to us regarding the use and disclosure of your PHI may be revoked at any time in writing. After you revoke your authorization, we will no longer use or disclose your PHI for the reasons described in the authorization.

Again, if you have any questions regarding this notice or our health information privacy policies, please contact us at info@tunedcare.com.

California Privacy Notice

We are not yet subject to the California Consumer Privacy Act (“CCPA”) and will amend this Policy once we are. In the meantime, please see the section entitled “What Rights Do I Have Regarding My Personal Information” and the HIPAA Privacy Notice for further information on what you may request regarding the personal information we have collected.

In addition, under California Civil Code § 1798.83, California residents who have provided personal information to TunedCare may obtain information regarding TunedCare’s disclosures, if any, of personal information to third parties for third-party direct marketing purposes. Requests must be submitted to the following address: support@tunedcare.com. Within 30 days of receiving such a request, we will provide a California Privacy Disclosure, which will include a list of certain categories of personal information disclosed during the preceding calendar year to third parties for their direct marketing purposes, along with the names and addresses of those third parties. This request may be made no more than once per calendar year.