uConsult.one™ Privacy Policy

This “Privacy Policy” describes the privacy practices of Universal.one™, Inc. (“Universal”, “we”, “us”, or “our”) in connection with the uConsult.one™ platform through a web application that can be accessed through the world wide web (“www”) at https://uConsult.one, and any other website or mobile application that we own or control and which posts or links to this Privacy Policy (collectively, the “Service”), and the rights and choices available to individuals with respect to their information. Universal may provide additional or supplemental privacy policies to individuals for specific products or services that we offer at the time we collect personal information. These supplemental privacy policies will govern how we may process the information in the context of the specific product or service.

Personal Information We Collect

Information you provide to us. We collect personal information that healthcare providers and patients provide to us. For example:

Business and personal contact information of healthcare providers, such as your first and last name, email and mailing addresses, physical address, telephone numbers, service hours, professional title and company name may be collected from healthcare providers.

Content healthcare providers choose to upload to the Service, such as patient names, files, consent forms and health records, along with the metadata associated with the file’s healthcare providers may upload.

Personal contact information of patients, such as your first and last name, email and mailing addresses, physical address, telephone numbers, demographic information, emergency contact information and if applicable, health insurance plan information may be collected from patients.

Content patients choose to upload to the Service, such as profile pictures, images of identity documents and health plan membership cards, along with the metadata associated with the files patients may upload.

Registration information, such as your username and password that you may set to establish an online account with us.

Feedback or correspondence, such as information you provide when you contact us with questions, feedback, or otherwise correspond with us online.

Usage information, such as information about how you use the Service and interact with us.

Other information that we may collect which is not specifically listed here, but which we will use in accordance with this Privacy Policy or as otherwise disclosed at the time of collection.

Information we obtain from other third parties. We may receive personal information about you from third-party sources. For example, if you are a patient, we may receive your health records via integrations with third party electronic health record systems in order to make such records available to your healthcare provider.

Cookies and Other Information Collected by Automated Means

We, our service providers, and our business partners may automatically log information about you, your computer or mobile device, and activity occurring on or through the Service, including but not limited, your computer or mobile device operating system type and version number, manufacturer and model, browser type, screen resolution, IP address, the website you visited before browsing to our website, general location information such as city, state or geographic area; information about your use of and actions on the Service, such as pages or screens you viewed, how long you spent on a page or screen, navigation paths between pages or screens, information about your activity on a page or screen, access times, and length of access; and other personal information. Our service providers and business partners may collect this type of information over time and across third-party websites and mobile applications.

A “cookie” is a text file that websites send to a visitor ‘s computer or other Internet-connected device to uniquely identify the visitor’s browser or to store information or settings in the browser. Browser web storage, or LSOs, are used for similar purposes as cookies. Browser web storage enables the storage of a larger amount of data than cookies. A “web beacon,” also known as a pixel tag or clear GIF, is typically used to demonstrate that a webpage was accessed or that certain content was viewed, typically to measure the success of our marketing campaigns or engagement with our emails and to compile statistics about usage of our websites.

Web browsers may offer users of our websites or mobile apps the ability to disable receiving certain types of cookies; however, if cookies are disabled, some features or functionality of our websites may not function correctly.

How We Use Your Personal Information

We use your personal information for the following purposes and as otherwise described in this Privacy Policy or at the time of collection:

To operate the Service. We use your personal information to:

provide, operate and improve the Service

provide information about our products and services

establish and maintain your user profile on the Service

enable security features of the Service, such as by sending you security codes via email or SMS, and remembering devices from which you have previously logged in

communicate with you about the Service, including by sending you appointment reminders and support and administrative messages

provide support and maintenance for the Service

to respond to your requests, questions and feedback

HIPAA. If your personal data is “protected health information” as defined under the Health Insurance Portability and Accountability Act of 1996, as amended (“HIPAA”), we will process your protected health information in accordance with any applicable business associate agreement we may have in place with your healthcare provider and/or covered entity (each, a “BAA”).

To comply with law. We use your personal information as we believe necessary or appropriate to comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities.

For compliance, fraud prevention, and safety. We may use your personal information and disclose it to law enforcement, government authorities, and private parties as we believe necessary or appropriate to: (a) protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims); (b) enforce the terms and conditions that govern the Service; and (c) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity.

With your consent. In some cases, we may specifically ask for your consent to collect, use or share your personal information, such for research or reporting purposes.

To create anonymous, aggregated or de-identified data. Subject to any obligations or restrictions we may have under any applicable BAAs, we may create anonymous, aggregated or de-identified data from your personal information and other individuals whose personal information we collect. We make personal information into anonymous, aggregated or de-identified data by removing information that makes the data personally identifiable to you. We may use this anonymous, aggregated or de-identified data and share it with third parties for our lawful business purposes, including to analyze and improve the Service and research and development purposes.

How We Share Your Personal Information

We do not share your personal information with third parties without your consent, except in the following circumstances or as described in this Privacy Policy:

Affiliates. We may share your personal information with our corporate parent, subsidiaries, and affiliates, for purposes consistent with this Privacy Policy.

Healthcare Providers. If you use the Service as a patient, we may share your personal information with your healthcare provider and/or clinic where you have booked your vaccination appointment(s).

Healthcare Reporting. Universal and/or healthcare providers may choose to report (i) adverse reactions incurred by individuals receiving vaccines via the Service to the Vaccine Adverse Event Reporting System (“VAERS”), and (ii) records of vaccinations administered with the aid of the Services to State governments and Immunization Information Systems. The VAERS’ privacy policy may be found at: http://vaers.hhs.gov/privacy.html. For more information about Immunization Information Systems, please visit: http://cdc.gov/vaccines/programs/iis/about.html.

Service providers. We may share your personal information with third party companies and individuals that provide services on our behalf or help us operate the Service (such as customer support, hosting, analytics, email delivery, and database management services). These third parties may use your personal information only as directed or authorized by us and in a manner consistent with this Privacy Policy and are prohibited from using or disclosing your information for any other purpose.

Professional advisors. We may disclose your personal information to professional advisors, such as lawyers, bankers, auditors and insurers, where necessary in the course of the professional services that they render to us.

For compliance, fraud prevention and safety. We may share your personal information for the compliance, fraud prevention and safety purposes described above.

Business transfers. We may sell, transfer or otherwise share some or all of our business or assets, including your personal information, in connection with a business transaction (or potential business transaction) such as a corporate divestiture, merger, consolidation, acquisition, reorganization or sale of assets, or in the event of bankruptcy or dissolution.

Your Choices

In this section, we describe the rights and choices available to all users.

Access or Update Your Information. If you have registered for an account with us, you may review and update certain personal information in your account profile by logging into the account.

Cookies & Browser Web Storage. We may allow service providers and other third parties to use cookies and similar technologies to track your browsing activity over time and across the Service and third-party websites. Most browsers let you remove or reject cookies. To do this, follow the instructions in your browser settings. Many browsers accept cookies by default until you change your settings. Please note that if you set your browser to disable cookies, the Sites may not work properly. Similarly, your browser settings may allow you to clear your browser web storage.

Do Not Track. Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to “Do Not Track” or similar signals. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.

Choosing not to share your personal information. Where we are required by law to collect your personal information, or where we need your personal information in order to provide the Service to you, if you do not provide this information when requested (or you later ask to delete it), we may not be able to provide you with our services. We will tell you what information you must provide to receive the Service by designating it as required at the time of collection or through other appropriate means.

Security practices

The security of your personal information is important to us. We employ a number of organizational, technical and physical safeguards designed to protect the personal information we collect. However, security risk is inherent in all internet and information technologies, and we cannot guarantee the security of your personal information.

International data transfers

We are headquartered in the United States and have service providers in other countries, and your personal information may be transferred to the United States or other locations outside of your state, province, or country where privacy laws may not be as protective as those in your state, province, or country.

Children

As a general rule, children are not allowed to use the Service, and we do not collect personal information from them. We define “children” as anyone under 13 years old. If we learn that we have collected personal information of a child without the consent of the child’s parent or guardian, we will delete it. We encourage parents with concerns to contact us at support@universal.one.

Changes to this Privacy Policy

We reserve the right to modify this Privacy Policy at any time. If we make material changes to this Privacy Policy, we may notify you by updating the date of this Privacy Policy and posting it on the Service. We may, and if required by law will, also provide notification of changes in another way that we believe is reasonably likely to reach you, such as via e-mail (if you have an account where we have your contact information) or another manner through the Service.

Any modifications to this Privacy Policy will be effective upon our posting the new terms and/or upon implementation of the new changes on the Service (or as otherwise indicated at the time of posting). In all cases, your continued use of the Service after the posting of any modified Privacy Policy indicates your acceptance of the terms of the modified Privacy Policy.

How to Contact Us

Please direct any questions or comments about this Policy or privacy practices to legal@universal.one. You may also write to us via postal mail at:

Universal.one, Inc.

Attn: Legal – Privacy

68 T.W. Alexander Drive

Research Triangle Park

NC 27709-3628