Modern Health EU/Swiss-U.S. Privacy Shield:
Consumer Privacy Policy

Last Updated: July 3, 2019

PRIVACY SHIELD
Modern Life Inc. (“Modern Health”) complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data transferred from the European Union, United Kingdom and Switzerland to the United States. Modern Health has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.

TYPES OF PERSONAL DATA MODERN HEALTH COLLECTS
Modern Health obtains personal data about consumers in various ways. For example, Modern Health collects personal data directly from consumers when they visit Modern Health’s websites and applications and Modern Health collects personal data from employers. The types of personal data Modern Health may collect directly from consumers includes:

The types of personal data Modern Health may collect from employers includes:

Name
Suffix
Email address
Date of birth
Sex
EmployeeID
Employment start date
Department
Title
Job code
Office location

Modern Health may use the personal data described above for various purposes, including to:

Modern Health may use the personal data described above for various purposes, including to:

Provide its services
Market its services
Respond to consumers’ inquiries
Operate, evaluate and improve its business, software and services, includingconducting research with respect to outcomes and related matters
Protect against, identify and prevent fraud and other unlawful activity, claimsand other liabilities
Comply with and enforce applicable legal requirements and relevant industry standards

Modern Health also may obtain and use personal data in other ways for which Modern Health will provide specific notice at the time of collection.

ACCESS
Modern Health provides individuals with reasonable access to personal data that Modern Health retains about them, and also provides a reasonable opportunity to correct, amend or delete information where it is inaccurate or has been processed in violation of the Privacy Shield Principles. Modern Health may limit or deny access to personal data where the burden or expense of providing access would be disproportionate to the risks to the individual in the case in question, or where the rights of persons other than the individual would be violated. If you require access to your personal data to correct, amend, or delete your personal data, please contact us as described below.

CHOICE
Modern Health generally offers individuals the opportunity to choose whether their personal data may be (i) disclosed to third-party data controllers or (ii) used for a purpose that is materially different from the purposes for which the information was originally collected or subsequently authorized by the relevant individual. To the extent required by the Privacy Shield Principles, Modern Health obtains opt-in consent for certain uses and disclosures of sensitive data, including information relating to health or ethnicity. Individuals may contact Modern Health as described below regarding Modern Health’s use or disclosure of their personal data. Unless Modern Health offers individuals an appropriate choice, Modern Health uses personal data only for purposes that are materially the same as those indicated in this Policy.

ONWARD TRANSFER
We are responsible for ensuring that our agents, service providers and other third parties to whom we disclose your personal data process the information in a manner consistent with our obligations under the EU-U.S. and Swiss-U.S. Privacy Shield Principles. Accordingly, Modern Health requires third party-controllers to whom it discloses personal data to contractually agree to (i) only process the personal data for limited and specified purposes consistent with the consent provided by therelevant consumer, (ii) provide the same level of protection for personal data as is required by the Privacy Shield Principles, and (iii) notify Modern Health and cease processing personal data if the third party controller determines that it cannot meetits obligation to provide the same level of protection for personal data as is required by the Privacy Shield Principles. With respect to transfers of personal data to third-party processors, Modern Health (i) enters into a contract with each relevant processor, (ii) transfers personal data to each such processor only for limited and specified purposes, (iii) ascertains that the processor is obligated to provide the personal data with at least the same level of privacy protection as is required by the Privacy Shield Principles, (iv) takes reasonable and appropriate steps to ensure that the processor effectively processes the personal data in a manner consistent with Modern Health’s obligations under the Privacy Shield Principles, (v) requires the processor to notify Modern Health if the processor determines that it can no longer meet its obligation to provide the same level of protection as is required by the Privacy Shield Principles, (vi) upon notice, including under (v) above, takes reasonable and appropriate steps to stop and remediate unauthorized processing of the personal data by the processor, and (vii) provides a summary or representative copy of the relevant privacy provisions of the processor contract to the Department of Commerce, upon request. Modern Health remains liable under the Privacy Shield Principles if the company’s third-party processor onward transfer recipients process relevant personal data in a manner inconsistent with the Privacy Shield Principles, unless Modern Health proves that it is not responsible for the event giving rise to the damage.

RECOURSE AND ENFORCEMENT
In compliance with the Privacy Shield Principles, Modern Health commits to resolve complaints about our collection or use of your personal data. EU, UK and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Modern Health at legal@joinmodernhealth.com. Modern Health has committed to refer unresolved Privacy Shield complaints to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit https://www.jamsadr.com/eu-us-privacy-shield for more information or to file a complaint. The services of JAMS are provided at no cost to you. For purposes of enforcing compliance with the Privacy Shield, Modern Health is subject to the investigatory and enforcement authority of the US Federal Trade Commission. Under certain conditions, more fully described on the Privacy Shield website (https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint), you may invoke binding arbitration when other dispute resolution procedures have been exhausted.

HOW TO CONTACT MODERN HEALTH
To contact Modern Health with questions or concerns about this Policy or Modern Health’s personal data practices please contact us at legal@joinmodernhealth.com.