PRIVACY POLICY

PatientFi, Inc., and its affiliates or subsidiaries (“PatientFi,” “we,” “our,” and “us”) respects the privacy of our online customers and visitors to this website (www.patientfi.com) and its affiliated pages (collectively, the “Site”) and our services and products (collectively, the “Services”). This Privacy Policy explains what information we collect when you visit or otherwise interact with the Site and Services, how we use it, and when we may share it.

Please note that this Privacy Policy applies to any individual that accesses the Site and Services, regardless of how the Site and Services are accessed, including through a mobile device. By using and accessing the Site, you consent to the terms of this Privacy Policy and to our collection, processing and sharing of personal information for the purposes set forth herein. If you do not agree to the privacy practices described herein,  do not access or otherwise use the Site and Services.

NOTE REGARDING HIPAA AND PHI: PatientFi is not directly regulated as a covered entity by the Health Insurance Portability and Accountability Act (“HIPAA”). This means that the information that you provide to PatientFi may not be protected by the HIPAA privacy rules and regulations. This Privacy Policy is not intended for compliance with HIPAA, and the Services are not intended to act as a medical record system or otherwise as covered entity falling under the direct regulation of HIPAA. If you are a patient viewing this Privacy Policy and/or you have been directed to the PatientFi website by your provider of medical, cosmetic, or other related services (“Provider”), please contact your Provider for information regarding your medical records and/or HIPAA privacy disclosures. If you are a Provider viewing this Privacy Policy, please note that PatientFi is not responsible for providing HIPAA compliant privacy documentation to your patients, and you should ensure that you have appropriate patient disclosures or consents prior to uploading any patient information.

This Privacy Policy covers the following topics:

1. Personal Information We Collect
2. How We Use Your Personal Information
3. How We Share Your Personal Information
4. Additional Uses of Data for Patient Loyalty and Membership Programs
5. Universal Opt-Out Mechanisms
6. Notice to Nevada Residents
7. Your State Privacy Rights
8. Notice to California Residents
9. Advertising
10. Opting Out of Marketing and Promotions
11. Online Security
12. Third Party Links
13. Children’s Privacy
14. Accessibility
15. How to Contact Us
    
    

1. PERSONAL INFORMATION WE COLLECT

“Personal information” means any information that may be used, either alone or in combination with other information, to personally identify an individual, including, but not limited to, a first and last name, a personal profile, an email address, a home or other physical address, or other contact information. We collect and receive certain personal information from you through your use of the Site and Services. We collect the following types of personal information:

Personal Data You Provide or Direct Us to Collect

Depending on how you interact with our Site and Services, we will collect the following personal information that you voluntarily provide to us and/or are assigned to you by our system:

• Name and contact Information (e.g. address; phone number; email).
• Account and Profile Information (e.g. account type, login credentials, username/password).
• Patient/Treatment Information (e.g. information you enter about services for which you are seeking loans, discounts, or other program benefits/opportunities);
• Provider Business/Practice/Employment Information (e.g. name, location, and contact details of your practice/business; job title; relevant professional certifications and/or services offered).
• Billing/Payment/Donation Information (e.g. credit card, bank account, billing contact information that may be necessary for purchases made through the Site or Services);
• Order Information (e.g. account or order details that may differ from treatment or other information);
• Loan Application Information (described in more detail below).
• Other information that may be exchanged in the course of engaging with the Site or Services. You will be aware of any subsequently collected information because it will come directly from you.

If you originate a loan account with us or through one of our participating financial institutions (“Funding Partner”) or a participating Provider, we will collect the following personal information either directly from you or through a Provider, Funding Partner, or third-party platform:

• Your applications and transactions for loans originated by Funding Partners and Providers and serviced by us;
• Requests for pre-qualification for credit;
• Personal information including your name, date of birth, Social Security number, address, phone, email, and other similar information;
• Certain, basic treatment information in order to understand the medical services being financed, if not previously collected; and
• Financial information including bank account numbers, bank account details including routing numbers and similar information to process payments.

If you are participating in one of our loyalty or membership programs or you are participating in a loyalty or membership program of a businesses that PatientFi has partnered with in order to provide certain Services, discounts, offers, or other programs (“Program Partners” and/or “PatientFi Partner Programs”), we may obtain and process additional information about you directly from those Program Partners in order to administer the PatientFi Partner Programs. In addition, as a part of those PatientFi Partner Programs, we may be directed to collect additional, specific information to support the program from your health care Providers and related third parties including sensitive data that may be applicable to a certain PatientFi Partner Program such as identifiable health data relating to your disease or condition, medical history, treatments you may have received, reason for discontinuation of care, data on active management of diseases/ conditions, and benefits related to your use of our programs.

Program Partners that we regularly receive and obtain data from include, but are not limited to, Galderma S.A.; Abbvie Inc., TransUnion, NexTech, Boulevard Labs, Concora Credit, CredCompare, ChargeAfter, Goal Solutions, and other partners we rely on or you may interact with as a part of our Services, products and loyalty and membership programs.

Personal Data as You Navigate our Site and Chatbot

PatientFi uses industry standard tools and information to enable us to track and target the interests of our users to enhance the experience on and off our Site. We may automatically collect personal information through your use of our Site and our use of cookies and other tracking technologies, such as the following:

• Usage Information: Information about the pages on the Site you access, the frequency of access, and what you click on while on the Site.
• Device Information: Information about your internet service provider, browser, operating system and device.
• Mobile Device Information: Aggregated information about whether the Site is accessed via a mobile device or tablet, the device type, and the carrier.
• Location Data: Location information from Site visitors on a city-regional basis

To learn more about how we use cookies and to manage your cookie settings, please see our Cookie Policy attached hereto as Exhibit A.

The site has a chatbot feature that is provided by Zendesk. Zendesk may collect, record, and store the information you provide in the chat. Please review Zendesk’s privacy policy here. If you use our chatbot feature via the Site, you may provide the following:

• Full name
• Account Information
• Any other information you choose to provide

Personal Data We Collect About You from Other Sources

In some cases, we may receive personal information about you from other sources. In addition to information already outlined above that we may receive directly from a Program Partner, Funding Partner, or Provider when you request financing, other sources may include advertising networks, data brokers, government entities, operating systems and platforms, mailing list providers, social networks, and advertising and marketing partners.

Reviewing Personal Information

If you would like to review or correct any Personally Information we have retained about you in our active databases, please contact us at privacy@patientfi.com.

2. HOW WE USE YOUR PERSONAL INFORMATION

In addition to facilitate activity already described above, we may use the personal information that you provide or that we collect when you visit the Site to:

• Verify your identity and/or remember your personal settings or preferences when using the Site;
• To assess your creditworthiness when you apply for credit or to pre-qualify you for credit;
• To manage and service loans or other accounts or applications you have with us;
• Determine your interests and needs in order to recommend relevant products and services;
• Qualify you for products and services that you request and to process your transactions;
• Maintain and improve our Site and Services;
• Protect the security and integrity of our Site and Services;
• Investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, or violations of our Terms of Use, and to otherwise fulfill our legal obligations;
• Post advertising content on Third Party Sites, along with web beacons and pixel tags to provide information to us and to third parties about pages you visit after seeing our ads or offers;
• Analyze the quality and performance of our Site and marketing campaigns;
• Monitor compliance with and enforce this Privacy Policy and any applicable agreements and policies;
• Defend our legal rights and the rights of others;
• Fulfill any other purposes for which you provide it;
• For any purpose that is reasonably necessary to or compatible with the original purpose for which we collected the personal information as disclosed to you; and
• Comply with applicable law.
  
  

Additional Uses of Personal Information for Patient Loyalty and Membership Programs

We use and disclose your personal information as part of PatientFi Partner Programs or other program participation to administer and manage the program, including customization of the program to you, delivery of products and services, administering loyalty programs, reminding you to take your product as prescribed or to obtain a refill of your product, and to provide you with program support, communications, and materials relating to your treatment and the program. We may also contact your Provider or other health care professional for drug safety information and to provide the Provider or health care professional with information about your medicine and your participation in a program.

3. HOW WE SHARE YOUR PERSONAL INFORMATION

We may provide any of the described categories of personal information to PatientFi employees, consultants, affiliates or other businesses or persons for the purpose of processing such information on our behalf in order to provide the Services to you. In such circumstances, we require that these parties agree to protect the confidentiality of such information consistent with the terms of this Privacy Policy. Third parties receiving personal information may include:

• Our affiliates and related companies.
• Funding/Program partners, Providers, and other contractors, which are not considered affiliated companies, as described in more detail below.
• Third-party vendors or service providers providing crucial services and necessary to provide the Service. For example, we share your email address with service providers who send emails on our behalf. We may also share non-personally-identifiable information with third parties who perform advertising services on our behalf and with companies that operate or analyze the Site.
• Government agencies or other parties in response to legal process or other requests, where permitted by law.
• With other persons or third parties with whom you have requested that we share information.

As discussed above, we may share the personal information that you provide to us with Funding Partners, Program Partners, or Providers in order to administer the Services, programs, or assist in providing PatientFi Partner Programs to you. This sharing is typically directed by you either through your Providers, various PatientFi partners, or when you sign up for PatientFi Partner Programs. You will be aware of any data sharing as a part of PatientFi Partner Programs because you must sign up for those programs in order to initiate any sharing. If you enroll in any specific programs or Services, please feel free to contact PatientFi to ask about the specific sharing that may be involved as a part of those Services or PatientFi Partner Program.

We do not authorize these third parties to use or disclose this information except as necessary to perform services for us or to comply with law. These third parties may not use the information that we provide to them to independently market to you unless you consent.

There may be other instances in which we may share either your personal or non-personally-identifiable information with a third party. For example:

• To respond to a subpoena, warrant, court order or other official governmental actions that are served upon us, and then in conformity with their terms or as we are otherwise permitted or required by law;
• To respond to our regulators or other governmental authorities;
• To protect or defend PatientFi or any of its affiliates or subsidiaries, or their directors, officers, employees, agents, partners, or independent contractors in any legal proceeding;
• Where we suspect fraud or for other risk management purposes;
• As required or permitted by law; or
• As otherwise instructed or authorized by you.

Depending on the jurisdiction in which you are located, you may have the right to limit when we share information about you. You may exercise your right to opt-out of certain sharing as described in Sections 10, 11, and others throughout this Policy and/or inquire about opting-out of sharing in jurisdictions where you may not have the rights expressly described in those sections by contacting us at privacy@patientfi.com or writing to us at PatientFi, Inc., Attn: Opt-Out, 530 Technology Drive, Ste 350, Irvine, California 92618.  If you write to us, please include your account number, contact phone number, and full name on the account. If you have a joint account, your opt-out will apply to every person on the account. If you have multiple accounts with us, you must opt-out separately for each account.

4. UNIVERSAL OPT-OUT MECHANISMS

The Site recognizes the Global Privacy Control (“GPC”) signal. If you are using a browser setting or plug-in that sends an opt-out preference signal to each website you visit, we will treat that as a valid request to opt out. To download and use a browser supporting the GPC browser signal, click here: https://globalprivacycontrol.org/orgs. If you choose to use the GPC or other signal, you will need to turn it on for each supported browser or browser extension you use.

Some internet browsers incorporate a “Do Not Track” feature that signals to websites you visit that you do not want to have your online activity tracked. Given that there is not a uniform way that browsers communicate the “Do Not Track” signal, the Site does not currently interpret, respond to or alter its practices when it receives “Do Not Track” signals.

5. SECURITY

The security of personal information is important to us. We follow generally accepted industry standards, including the use of appropriate administrative, physical and technical safeguards, to protect the personal information submitted to us. However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, while we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security or confidentiality. We are not responsible for any interception or interruption of any communications through the internet or for changes or unauthorized access to or losses or unauthorized use of data that occur due to such interception or interruption.

Users of the Service are responsible for maintaining the security of any password, user ID, or other form of authentication involved in obtaining access to password protected or secure areas of the Service. In order to protect you and your information, we may suspend your use of any of the Service, without notice, pending an investigation, if any breach of security is suspected.

6. THIRD PARTY LINKS AND SITES

The Site may contain links to third party services or apps, including social media sites (collectively “Third Party Sites”). We exercise no control over Third Party Sites and encourage you to review each of their respective privacy practices.

Additionally, if you found information about PatientFi on a Third Party Site — such as a social media site like Facebook, LinkedIn, or Twitter — you understand that if your share personal information on such a Third Party Site that it will not be governed by this Privacy Policy and, depending on the Third Party Site, may be visible to all users of that Third Party Site. You should review the privacy policies and practices of Third Party Sites before providing information to them.

7. CHILDREN’S PRIVACY

The Site and Services are not intended for use by individuals who are under 13 years old. If you are under the age of 13 you should not be visiting the Site. We do not knowingly collect or retain personal information from children under the age of 13.

8. NOTICE TO NEVADA RESIDENTS

Nevada law allows Nevada residents to opt out of the sale of certain types of personal information. Subject to several exceptions, Nevada law defines “sale” to mean the exchange of certain types of personal information for monetary consideration to another person. We do not currently sell personal information as defined in the Nevada law. However, if you are a Nevada resident, you still may submit a verified request to opt out of sales and we will respond accordingly. You may send opt-out requests to privacy@patientfi.com.

9. YOUR STATE PRIVACY RIGHTS AND ADDITIONAL DISCLOSURE

Depending on the state in which you reside, you may have certain privacy rights regarding your personal information. If you are a California resident, please see our “Notice to California Residents” section below. For other state residents, your privacy rights may include (if applicable):

• The right to confirm whether or not we are processing your personal information and to access such personal information;
• The right to obtain a copy of your personal information that we collected from and/or about you in a portable and, to the extent technically feasible, readily usable format that allows you to transmit the information to another controller without hindrance, where the processing is carried out by automated means;
• The right to delete personal information that we collected from and/or about you, subject to certain exceptions;
• The right to correct inaccurate personal information that we maintain about you, subject to certain exceptions;
• The right, if applicable, to opt out of the processing of your personal information for purposes of (1) targeted advertising; (2) the “sale” of your personal information (as that term is defined by applicable law); and (3) profiling in furtherance of decisions that produce legal or similarly significant effects concerning you;
• If we are required by applicable law to obtain your consent to process sensitive personal information, the right to withdraw your consent; and
• The right not to receive discriminatory treatment by us for the exercise of your privacy rights.

Depending on how the applicable privacy law defines a “sale,” we may sell personal information to third parties. For instance, if you are a resident of Colorado or Connecticut, our use of cookies and tracking technologies constitutes a sale of personal information to third-party advertisers. We also use Cookies to display advertisements about our products to you on nonaffiliated websites, applications, and online services. This is “targeted advertising” under applicable privacy laws. We do not use personal information for profiling in furtherance of decisions that produce legal or similarly significant effects concerning individuals.

10. NOTICE TO CALIFORNIA RESIDENTS

The California Consumer Privacy Act, as amended by the California Privacy Rights Act of 2020 (“CCPA”), requires that we provide California residents with a privacy policy that contains a comprehensive description of our online and offline practices regarding the collection, use, disclosure, sale, sharing, and retention of personal information and of the rights of California residents regarding their personal information. This section of the Privacy Policy is intended solely for, and is applicable only as to, California residents. If you are not a California resident, this section does not apply to you, and you should not rely on it.

The CCPA defines “personal information” to mean “information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.” Personal information does not include publicly available, deidentified or aggregated information or lawfully obtained, truthful information that is a matter of public concern. For purposes of this Notice to California Residents section, we will refer to this information as “personal information.”

Certain information we collect may be exempt from the CCPA because it is considered public information (e.g., it is made available by a government entity) or covered by a specific federal privacy law, such as the Gramm–Leach–Bliley Act, the Health Insurance Portability and Accountability Act, or the Fair Credit Reporting Act.

Notice at Collection of Personal Information

We currently collect and, in the 12 months prior to the effective date of this Privacy Policy, have collected the categories of personal information listed above in this Privacy Policy.

We collect personal information directly from California residents and from the above-described sources. We do not collect all categories of personal information from each source, but as describe above, depending on the nature of your engagement with PatientFi. In addition, we collect personal information for the purposes stated above.

Sale, Sharing, and Disclosure of Personal Information

The following table identifies the categories of personal information that we disclosed for a business purpose in the 12 months preceding the Last Updated Date of this Privacy Policy and, for each category, the categories of recipients to whom we disclosed personal information:

We disclosed personal information to third parties for the business or commercial purposes discussed in the opening sections of this Privacy Policy.

The following table identifies the categories of personal information that we sold or shared to third parties in the 12 months preceding the Last Updated Date of this Privacy Policy and, for each category, the categories of third parties to whom we sold or shared personal information:

We shared personal information to third parties for the following business or commercial purposes:

• Credit Underwriting
• Compliance and Legal Obligations
• Fraud Detection and Prevention
• To Provide Customer Service or Support
• Marketing and Advertising

We have not sold or shared personal information in the twelve (12) months preceding the Last Updated Date of this Privacy Policy. We do not knowingly collect or sell or share the personal information of consumers under 16 years of age. We do not use sensitive personal information for purposes other than those allowed by the CCPA and its regulations.

Retention of Personal Information

We retain your personal information for as long as necessary to fulfill the purposes for which we collect it, such as to provide you with the service you have requested, and for the purpose of satisfying any legal, accounting, contractual, or reporting requirements that apply to us.

Your Rights

If you are a California resident, you have the following rights with respect to your personal information:

• The right to know what personal information we have collected about you, including the categories of personal information, the categories of sources from which we collected personal information, the business or commercial purpose for collecting, selling or sharing personal information (if applicable), the categories of third parties to whom we disclose personal information (if applicable), and the specific pieces of personal information we collected about you;
• The right to delete personal information that we collected from you, subject to certain exceptions;
• The right to correct inaccurate personal information that we maintain about you;
• If we sell or share personal information, the right to opt out of the sale or sharing;
• If we use or disclose sensitive personal information for purposes other than those allowed by the CCPA and its regulations, the right to limit our use or disclosure; and
• The right not to receive discriminatory treatment by us for the exercise of privacy rights the CCPA confers.

How to Submit a Request to Know, Delete, and/or Correct
You may submit a request to know, delete, and/or correct by emailing us at privacy@patientfi.com or by calling us toll free at 1-866-734-5979.

If you are submitting a request on behalf of a California resident, please submit the request through one of the designated methods discussed above. After submitting the request, and if the request is not subject to an exemption or exception, we will require additional information to verify your authority to act on behalf of the California resident.

Right to Opt Out of Sale or Sharing of Personal Information
If you are a California resident, you have the right to direct us to stop selling or sharing your personal information. You may submit a request to opt out of sales or by emailing us at privacy@patientfi.com or by calling us toll free at 1-866-734-5979. If you have enabled privacy controls on your browser (such as a plugin), we will also treat that as a valid request to opt out. Please see the “Universal Opt-Out Mechanisms” section above for more information.

Right to Limit Use and Disclosure of Sensitive Personal Information
You may submit a request to limit our use or disclosure of your sensitive personal information via the methods described herein.

Shine the Light Law

California Civil Code Section 1798.83 permits our customers who are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email to privacy@patientfi.com or call us toll-free at 1-866-734-5979.

11. ADVERTISING

We or our advertising service providers may use information about your activities on the Site (such as the pages that you visit and the key words that you use to search for content) to help determine what advertisements or offers might be of interest to you. These advertisements may be on the Site or on Third Party Sites. The use of information in this manner is referred to as “online behavioral advertising.” We believe that online behavioral advertising helps to provide you with more relevant advertising based on the websites that you visit.

You may opt-out of online behavioral advertising by following the instructions in the “Opting Out of Marketing and Promotions” section of this Privacy Policy as well as our Cookie Policy attached as Exhibit A. Please note that opting out of online behavioral advertising will not stop you from receiving advertisements. However, the advertisements that you see may not be as relevant to you.

12. OPTING OUT OF MARKETING AND PROMOTIONS

To stop receiving promotional emails or text messages, follow the instructions in any promotional message you receive from PatientFi. If you receive a marketing e-mail from us relating to any offer or promotion and wish to be removed from future email solicitations, you will have the option to do so. If you opt out, the only future email communication you will receive from us will be (a) transactional or relationship messages, such as activity alerts and payment reminder messages; (b) in response to questions from you; or (c) to resolve any customer service issues you may have reported. If you need help accessing your information related to a service provided by one of our service providers or information held by your Funding Participant, we will assist you by referring you to the appropriate third party. Please contact us at privacy@patientfi.com.

13. INTERNATIONAL TRANSFERS

You acknowledge that we are located in the United States. If you reside outside the United States, you understand and agree that any information you provide to us via the Site and Services will be transferred from the country of your residence or location at the time it was provided to the United States. If you do not want your personal information to be transferred to the United States, do not provide that information to us. By providing us with your information you consent to the transfer of your information to the United States. 

14. CHANGES TO THE PRIVACY POLICY

We may make changes to this Privacy Policy at any time and without notice to you. It is your responsibility to review this Privacy Policy from time to time understand whether any changes have been made. If you use

15. ACCESSIBILITY

We are committed to ensuring this Privacy Policy is accessible to individuals with disabilities. If you wish to access this Privacy Policy in an alternative format, please contact us as described below.

16. CONTACT INFORMATION

If you have any questions or comments about this privacy policy, the ways in which PatientFi collects and uses your information, your rights regarding such use, or wish to exercise your privacy rights (where applicable), please contact us at:

Email: privacy@patientfi.com
Postal Address: 530 Technology Drive, Suite 350, Irvine, California 92618
Phone: 866.734.5979

Last Updated: 8/1/24

^©PatientFi, Inc. 2024

Exhibit A

PatientFi, Inc., Cookie Policy

Introduction

PatientFi, Inc., (“we,” “us,” or “our”) uses cookies and similar technologies to enhance your experience on our websites. This Cookie Policy explains what cookies are, how we use them, and your choices regarding their use. By using our website, you consent to the use of cookies in accordance with this policy.

What Are Cookies?

Cookies are small text files that are stored on your device (computer, tablet, or mobile) when you visit a website. They help the website recognize your device and remember information about your visit, such as your preferences and actions.

Types of Cookies We Use

1. Essential Cookies

These cookies are necessary for the website to function properly. They enable core functionalities such as security, network management, and accessibility. Without these cookies, certain features and services on our website cannot be provided.

2. Performance Cookies

These cookies collect information about how visitors use our website, such as which pages are visited most often and if users receive error messages. The information collected is used to improve the website’s performance and user experience.

3. Functionality Cookies

Functionality cookies allow the website to remember choices you make and provide enhanced, more personalized features. These cookies can remember your login details, language preferences, and region.

4. Targeting/Advertising Cookies

These cookies track your browsing habits to deliver personalized advertising. They may also limit the number of times you see an ad and help measure the effectiveness of advertising campaigns.

How We Use Cookies

We use cookies to:

• Improve the functionality and performance of our website.
• Remember your preferences and settings.
• Analyze website traffic and user behavior.
• Deliver targeted advertising and measure its effectiveness.

Third-Party Cookies

We may allow third-party service providers to place cookies on your device for the purposes mentioned above. These third parties include, but are not limited to, analytics services (e.g., Google Analytics) and advertising networks. We do not control these third-party cookies, and their use is governed by the respective third parties’ privacy policies.

Browser Settings

Most web browsers allow you to control cookies through their settings. You can set your browser to block or delete cookies, but this may affect the functionality and usability of our website.

Changes to This Policy

We may update this Cookie Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We encourage you to review this policy periodically to stay informed about our use of cookies.

Contact Us

If you have any questions about this Cookie Policy, please contact us at:

Email: privacy@patientfi.com
Postal Address: 530 Technology Drive, Suite 350, Irvine, California 92618
Phone: 866.734.5979

Effective Date: 8/1/24

By using our website, you agree to the terms of this Cookie Policy. If you do not agree with our use of cookies, please adjust your browser settings.