Privileged & Confidential – Attorney Client Work Product

GABBI, INC. PRIVACY POLICY

Last Updated May 30, 2023

Welcome to the website (the “Site”) of Gabbi, Inc. and its subsidiaries (“Company,” “we,” “us,” or “our”). We have prepared this Privacy Policy to explain what personal information we collect, how we use and share that information, and your choices concerning our information practices. We provide a platform for women to help them determine their risk for breast cancer, based on a predictive and proprietary algorithm, while providing support in terms of navigating an associated action plan (collectively, including the Site, the “Service”). This Privacy Policy explains what personal information we collect, how we use and share that information, and your choices concerning our information practices. This Privacy Policy does not apply to personal information collected by: i) the independent licensed healthcare professionals (the “Providers”) that we contract with, including Gabbi Health Medical Group, P.A., an independent, physician-owned medical group with a network of Providers who provide clinical telehealth services, Gabbi Health of Maine, LLC, and other Gabbi-affiliated medical practices (collectively, the “Medical Group”), which shall be governed by the Medical Group Health Information Notice of Privacy Practices [https://cutt.ly/swqXEfJ0]; or ii) any third party, including through any application or content that may link to or be accessible from or on the Site. 

Before using the Service or submitting any personal information to Company, please review this Privacy Policy carefully and contact us if you have any questions. 

1. PERSONAL INFORMATION WE COLLECT 

We collect personal information as follows: 

Personal Information You Provide: We collect the following categories of personal information from you when you reach out to us via a “Contact Us” page of the site or pay a bill online: 

  • Identification Information: We collect your name, email address, phone number, and mailing/billing addresses. 
  • Health and Medical Information: We collect such information in connection with conducting research, and providing support to you. 
  • Communication Information: We may collect information when you contact us with questions or concerns and when you voluntarily respond to questionnaires, surveys or requests for market research seeking your opinion and feedback. Providing communication information is optional to you. 
  • Social Media Information: We have pages on social media sites like Instagram, and LinkedIn, and anticipate being on other platforms such as Medium, Twitter, Facebook, and TikTok (“Social Media Pages”). When you interact with our Social Media Pages, we will collect personal information that you elect to provide to us, such as your contact details. In addition, the companies that host our Social Media Pages may provide us with aggregate information and analytics regarding the use of our Social Media Pages.
  • Other Data not specifically listed here, which we will use as described in this Privacy Policy or as otherwise disclosed at the time of collection. 

Internet Activity Information: When you visit, use, and interact with the Service, we may receive certain information about your visit, use, or interactions. For example, we may monitor the number of people that visit the Service, peak hours of visits, which page(s) are visited, the domains our visitors come from (e.g., google.com, yahoo.com, etc.), and which browsers people use to access the Service (e.g., Chrome, Firefox, Microsoft Internet Explorer, etc.), broad geographical information, and navigation pattern. In particular, the following information is created and automatically logged in our systems: 

  • Log Information: Information that your browser automatically sends whenever you visit the Site. Log Information includes your Internet Protocol address, browser type and settings, the date and time of your request, and how you interacted with the Site 
  • Cookies and other Automatic Data Collection Technologies: Please see the “Automatic Data Collection Technologies” section below to learn more about how we use cookies. 
  • Device Information: Includes name of the device, operating system, and browser you are using. Information collected may depend on the type of device you use and its settings 
  • Usage Information: We collect information about how you use our Service, such as the types of content that you view or engage with, the features you use, the actions you take, and the time, frequency, and duration of your activities. 

Protected Health Information: Some of the personal information processed by Company in connection with providing the Service to you may be subject to laws and regulations, such as rules issued under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH), that govern providers’ use and disclosure of certain individually identifiable health-related personal information (“Protected Health Information”). When Company receives Protected Health Information, it does so as a “business associate” of certain health care providers, including the Medical Group, under an agreement that, among other things, prohibits us from using or disclosing the Protected Health Information in ways that are not permissible by the health care provider itself, and requires us to implement certain measures to safeguard the confidentiality, integrity, and availability of the Protected Health Information. When we act as a business associate, we may be subject to certain laws and regulations, including certain HIPAA rules, that govern our use and disclosure of Protected Health Information and that may be more restrictive than otherwise provided in this Privacy Policy. Protected Health Information does not include information that has been de-identified in accordance with applicable laws. The Medical Group and Providers adopted a Health Information Notice of Privacy Practices that describes how they use and disclose Protected Health Information. The Health Information Notice of Privacy Practices will be provided to you by the Medical Group or Providers in accordance with applicable law. 

Automatic Data Collection Technologies: 

As you navigate through and interact with our Site, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions, and patterns, specifically:

  • details of your visits to our Site, such as traffic data, location data, logs, referring/exit pages, date and time of your visit to our Site, error information, clickstream data, and other communication data and the resources that you access and use on the Site; and 
  • Information about your computer, mobile device, and internet connection, specifically your IP address, operating system, browser type, and Site version information. 

The information we collect automatically may include personal information or we may maintain it or associate it with personal information we collect in other ways or receive from third parties. It helps us to improve our Site and to deliver a better and more personalized service by enabling us to: 

  • estimate our audience size and usage patterns; 
  • verify your location to ensure we can provide you with our Services; 
  • store information about your preferences, allowing us to customize our Site according to your individual interests; 
  • recognize you when you return to our Site. 

The technologies we use for this automatic data collection may include: 

  • Cookies. A cookie is a small file placed on the hard drive of your computer or mobile device. On your computer, you may refuse to accept browser cookies by activating the appropriate setting on your browser, and you may have similar capabilities on your mobile device in the preferences for your operating system or browser. However, if you select this setting you may be unable to access certain parts of our Site. We presently do not honor “Do Not Track” requests across all parts of our Site. Unless you have adjusted your browser or operating system setting so that it will refuse cookies, our system will issue cookies when you direct your browser to our Site. 
  • Web Beacons. Pages of our Site, and our emails may contain small electronic files known as web beacons that permit us, for example, to count users who have visited those pages, used those screens, or opened an email and for other related website and application statistics (for example, recording the popularity of certain Site content and verifying system and server integrity). 
  • Analytics Tools. We use tools such as Google Analytics to collect certain information relating to your use of the Site. Google Analytics uses “cookies”, which are text files placed on your computer or phone, to help us analyze how users use the site. We may also use Google Analytics Advertising Features or other advertising networks to provide you with interest-based advertising based on your online activity. For more information regarding Google Analytics, you can visit Google Analytics’ webpage and review its privacy practices  at www.google.com/analytics/learn/privacy.html. You may prevent your data from being used by Google Analytics by installing the Google Analytics Opt-out Browser Add-on from https://tools.google.com/dlpage/gaoptout/

2. HOW WE USE PERSONAL INFORMATION 

We may use personal information for the following purposes:

  • To provide the Service; 
  • To respond to your inquiries, comments, feedback, or questions; 
  • To send administrative information to you, for example, information regarding the Service and changes to our terms, conditions, and policies; 
  • To analyze how you interact with our Service; 
  • To maintain and improve the Service; 
  • To develop new products and services; 
  • To promote our Site and Service to you; 
  • To fulfill any other purpose for which you provide us personal information; 
  • For any purpose for which you give us authorization; 
  • To prevent fraud, criminal activity, or misuses of our Service, and to ensure the security of our IT systems, architecture, and networks; and 
  • To comply with legal obligations and legal process and to protect our rights, privacy, safety, or property, and/or that of our affiliates, you, or other third parties. 

Aggregated Information. We may aggregate personal information and use the aggregated information to analyze the effectiveness of our Service, to improve and add features to our Service, and for other similar purposes. In addition, from time to time, we may analyze the general behavior and characteristics of users of our Service and share aggregated information like general user statistics with prospective business partners. We may collect aggregated information through the Service, through cookies, and through other means described in this Privacy Policy. 

De-Identified Information. We may create and use de-identified information, in which information is removed from your personal information so that you cannot be identified (“De-identified Information”), without restriction. 

Marketing. We may use your personal information to contact you to tell you about products or services we believe may be of interest to you. For instance, if you elect to provide your email or telephone number, we may use that information to send you special offers. You may opt out of receiving emails by following the instructions contained in each promotional email we send you. You can also control the marketing emails and/or text messages you receive by updating your settings through your account. In addition, if at any time you do not wish to receive future marketing communications, you may contact us or change your account settings. If you unsubscribe from our marketing lists, you will no longer receive marketing communications but we will continue to contact you regarding management of your account, other administrative matters, and to respond to your requests. 

3. SHARING AND DISCLOSURE OF PERSONAL INFORMATION 

Company does not sell your personal information. In certain circumstances we may share the categories of personal information described above without further notice to you, unless required by the law, with the following categories of third parties:

  • Vendors and Service Providers: To assist us in meeting business operations needs and to perform certain services and functions, we may share personal information with vendors and service providers, including providers of hosting services, cloud services, and other information technology services providers, email communication software and email newsletter services, advertising and marketing services, payment processors, customer relationship management and customer support services, and analytics services. Pursuant to our instructions, these parties will access, process, or store personal information in the course of performing their duties to us. 
  • Business Transfers: If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, dissolution, sale of all or a portion of our assets, or transition of service to another provider (collectively a “Transaction”), your personal information may be shared in the diligence process with counterparties and others assisting with the Transaction and transferred to a successor or affiliate as part of or following that Transaction along with other assets. 
  • Legal Requirements: If required to do so by law or in the good faith belief that such action is necessary to (i) comply with a legal obligation, including to meet national security or law enforcement requirements, (ii) protect and defend our rights or property, (iii) prevent fraud, (iv) act in urgent circumstances to protect the personal safety of users of the Service, or the public, or (v) protect against legal liability. 
  • Affiliates: We may share personal information with our current and future affiliates, meaning an entity that controls, is controlled by, or is under common control with Company. Our affiliates may use the personal information we share in a manner consistent with this Privacy Policy. 
  • Business Clients: We may share your personal information with our business clients for Services provision and business operations purposes. Our business clients purchase our Services for their employees, staff, students, dependents, and other specified persons. We may share your personal information with our business clients for purposes related to performing our contractual obligations towards these clients, including to make our Services available to you as sponsored by your employer. 

4. CHILDREN 

Our Service is not directed to children who are under the age of 18. Company does not knowingly collect personal information from children under the age of 18. If you have reason to believe that a child under the age of 18 has provided personal information to Company through the Service please contact us and we will try to delete that information from our databases. 

5. LINKS TO OTHER WEBSITES 

The Service may contain links to other websites not operated or controlled by Company, including social media services (“Third Party Sites”). The information that you share with Third Party Sites will be governed by the specific privacy policies and terms of service of the Third Party Sites and not by this Privacy Policy. By providing these links we do not imply that we endorse or have reviewed these sites. Please contact the Third Party Sites directly for information on their privacy practices and policies. 

6. SECURITY

You use the Service at your own risk. We implement commercially reasonable technical, administrative, and organizational measures to protect personal information both online and offline from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. However, no Internet or e-mail transmission is ever fully secure or error free. In particular, e-mail sent to or from us may not be secure. Therefore, you should take special care in deciding what information you send to us via the Service or e-mail. Please keep this in mind when disclosing personal information to Company via the Internet. In addition, we are not responsible for circumvention of any privacy settings or security measures contained on the Service, or third party websites. 

7. PERSONAL INFORMATION PROCESSING IN THE U.S. 

The Service is not intended for use outside the United States. By using our Service, you understand and acknowledge that your personal information will be transferred from your location to our facilities and servers in the United States, where data protection laws may differ from those in your jurisdiction. 

8. YOUR CHOICES 

In certain circumstances providing personal information is optional. However, if you choose not to provide personal information that is needed to use some features of our Service, you may be unable to use those features. You can also contact us to request updates or corrections to your personal information. 

9. JOB APPLICANTS 

When you visit the “Join Us” portion of our website, we collect the information that you provide to us in connection with your job application. This includes business and personal contact information, professional credentials and skills, educational and work history, and other information of the type that may be included in a resume. This may also include diversity information that you voluntarily provide. We use this information to facilitate our recruitment activities and process employment applications, such as by evaluating a job candidate for an employment activity, and monitoring recruitment statistics. We may also use this information to provide improved administration of the website, and as otherwise necessary (a) to comply with relevant laws or to respond to subpoenas or warrants served on us; (b) to protect and defend the rights or property of us or others; (c) in connection with a legal investigation; and/or (d) to investigate or assist in preventing any violation or potential violation of the law, this Privacy Policy, or our Terms of Service. 

10. CHANGES TO THE PRIVACY POLICY 

The Service and our business may change from time to time. As a result we may change this Privacy Policy at any time. When we do we will post an updated version on this page, unless another type of notice is required by the applicable law. By continuing to use our Service or providing us with personal information after we have posted an updated Privacy Policy, or notified you by other means if applicable, you consent to the revised Privacy Policy and practices described in it. 

11. CONTACT US 

If you have any questions about our Privacy Policy or information practices, please feel free to contact us at our designated request address: 10350 N Vancouver Way, #1067, Portland, Oregon, 97217.