PRIVACY NOTICE

1. OVERVIEW

MyWorkDoc Technologies, LLC and MyWorkDoc Services, LLC (collectively, "MyWorkDoc," "we," "us," "our") respect your privacy and are committed to protecting the personal data we hold about you. If you have questions, comments, or concerns about this Privacy Notice or our processing of personal data, please see the bottom of this Privacy Notice for information about how to contact us.

This Privacy Notice explains our practices with respect to personal data we collect and process about you. This includes information we collect through, or in association with, our website with a home page located at https://myworkdoc.com/, our apps that we may provide, the services that we may offer from time to time via our website and/or related apps, or otherwise through your interactions with us (the website, apps, services, collectively, the "Services").

Please review the following to understand how we process and safeguard personal data about you. By using any of our Services, whether by visiting our website or otherwise, and/or by voluntarily providing personal data to us, you acknowledge that you have read and understand the practices contained in this Privacy Notice. This Privacy Notice may be revised from time to time, so please ensure that you check this Privacy Notice periodically to remain fully informed.

2. PERSONAL DATA WE COLLECT

We collect information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household ("personal data").

In addition, we may collect data that is not identifiable to you or otherwise associated with you, such as aggregated data, and is not personal data. To the extent this data is stored or associated with personal data, it will be treated as personal data; otherwise, the data is not subject to this notice.

a. Categories of Personal Data We Collect

The types of personal data we collect about you depends on your interactions with us and your use of the Services. In the past twelve (12) months, we collected the below categories of personal data from our users:

1. Identifiers such as a real name, alias, postal address, unique personal identifier, online identifier, internet protocol address, email address, account name, social security number, driver's license number, passport number, or other similar identifiers.
2. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code 1798.80(e)).
3. Characteristics of protected classifications under California or federal law.
4. Internet or other electronic network activity information.
5. Geolocation data.
6. Audio, electronic, visual, thermal, olfactory, or similar information.
7. Professional or employment-related information.
8. Inferences drawn from any of the information above to create a profile about a consumer reflecting the consumer's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

We will not collect additional categories of personal data other than those categories listed above. If we intend to collect additional categories of personal data, we will provide you with a new notice at or before the time of collection.

b. How We Use Your Personal Data

We collect and process your personal data for the following business and commercial purposes:

1. Providing, maintaining or servicing your account, verifying your information, providing customer service, recordkeeping, and handling regulatory reporting requirements on behalf of your employer.
2. Communicating with you by email, mail, text message (SMS, MMS), telephone, push notification, and other methods of communication, about the Services, injuries, treatments, status updates, and information tailored to your requests or inquiries.
3. Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity.
4. Debugging to identify and repair errors that impair existing intended functionality.
5. Short-term, transient use, including, but not limited to, the contextual customization of ads shown as part of the same interaction.
6. Undertaking internal research for technological development and demonstration.
7. Undertaking activities to verify or maintain the quality or safety of the services or devices owned, manufactured, manufactured for, or controlled by us, and to improve, upgrade, or enhance the services or devices owned, manufactured, manufactured for, or controlled by us.
8. Complying with applicable laws, regulations, rules and requests of relevant law enforcement and/or other governmental agencies, or for other purposes, as permitted or required by law.
9. As necessary or appropriate to protect the rights, property, and safety of our users, us, and other third parties.

We will not use the personal data we collected for materially different, unrelated, or incompatible purposes without providing you with notice and obtaining your consent.

c. How We Obtain Your Personal Data

We collect your personal data from the following categories of sources:

• Directly from you. When you provide it to us directly, whether through the onboarding process, reporting an injury or arranging a triage visit, or otherwise online, by email, or phone.
• Directly from your employer. We import your personal data that is provided to us from your employer to create a profile for you.
• Automatically or indirectly from you. For example, through logging and analytics tools, cookies, and as a result of your use of and access to the Services. We also collect identification data from and about the devices you use, such as the hardware model, operating system version, unique device identifiers, network speed, browser type, language, battery level and time zone.
• From our service providers.
• From third party health care providers. If you have authorized a health care provider to release your information to us.

d. Who We Share Your Personal Data With

We share personal data with the following categories of third parties:

• Our service providers.
• Our affiliated entities.
• Your employer, whom we partner with to provide the Services.
• Third party health care providers, with your express written consent.
• Government agencies or regulations when permitted or required to do so by law; in response to a request from a law enforcement agency or authority or any regulatory authority; and/or to protect the integrity of the Services or our interests, rights, property, or safety, and/or that of our users and others.

e. Personal Data We Share

In the past twelve (12) months, we shared with the following categories of third parties the following categories of personal data for a business purpose:

• Category 1 (e.g., identifiers): Service providers, your employer, and third party health care providers (with your express written consent).
• Category 2 (e.g., identifiers, health and medical information): Service providers, your employer, and third party health care providers (with your express written consent).
• Category 3 (e.g., race, sex, age): Service providers, your employer, and third party health care providers (with your express written consent).
• Category 4 (e.g., internet or other electronic network activity information): Service providers.
• Category 5 (e.g., geolocation data): Government agencies, for tracking COVID-related data.

3. YOUR RIGHTS REGARDING PERSONAL DATA

You have certain rights regarding the collection and processing of personal data. You may exercise these rights, to the extent they apply to you, by contacting us at the information provided at the end of this Privacy Notice, or by following instructions provided in this Privacy Notice or in communications sent to you.

a. Accessing, Modifying, Rectifying, and Correcting Collected Personal Data

We strive to maintain the accuracy of any personal data collected from you, and will try to respond promptly to update our records when you tell us the information in our records is not correct. However, we must rely upon you to ensure that the information we receive or that you provide to us is complete, accurate, and up-to-date, and to inform us of any changes. Please review all of your information carefully before submitting it to us. Certain information, such as health and medical information that is captured during an injury triage, cannot be removed or changed.

Depending on the laws that apply to you, you may obtain from us certain personal data in our records. If you wish to access, review, or make any changes to personal data you have provided to us through the Services, please contact us at the information provided at the end of this Privacy Notice. We reserve the right to deny access as permitted or required by applicable law.

b. Your California Privacy Rights

California's "Shine the Light" law, permits our users who are California residents to request and obtain from us a list of what personal data (if any) we disclosed to third parties for their own direct marketing purposes in the previous calendar year and the names and addresses of those third parties. Requests may be made only once per year per person, must be sent to the email address below, and are free of charge. However, we do not disclose personal data protected under the "Shine the Light" law to third parties for their own direct marketing purposes. The California Consumer Privacy Act of 2018 ("CCPA") provides our users who are California residents the following additional rights:

1. Right to Know: You have the right to request that we disclose certain information to you about the personal data we collected, used, disclosed, and sold about you in the past 12 months. This includes a request to know any or all of the following:
   • The categories of personal data collected about you;
   • The categories of sources from which we collected your personal data;
   • The categories of personal data that we have sold or disclosed about you for a business purpose;
   • The categories of third parties to whom your personal data was sold or disclosed for a business purpose;
   • Our business or commercial purpose for collecting or selling your personal data; and
   • The specific pieces of personal data we have collected about you.
2. Data Portability: You have the right to request a copy of personal data we have collected and maintained about you in the past 12 months.
3. Right to Deletion: You have the right to request that we delete the personal data we collected from you and maintained, subject to certain exceptions. Please note that if you request deletion of your personal data, we may deny your request or may retain certain elements of your personal data if it is necessary for us or our service providers to:
   • Complete the transaction for which the personal data was collected, provide a good or service requested by you, or reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform a contract between our business and you.
   • Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity.
   • Debug to identify and repair errors that impair existing intended functionality.
   • Exercise free speech, ensure the right of another consumer to exercise his or her right of free speech, or exercise another right provided for by law.
   • Comply with the California Electronic Communications Privacy Act pursuant to Chapter 3.6 (commencing with Section 1546) of Title 12 of Part 2 of the Penal Code.
   • Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the deletion of the information is likely to render impossible or seriously impair the achievement of such research, if you have provided informed consent.
   • To enable solely internal uses that are reasonably aligned with your expectations based on your relationship with us.
   • Comply with a legal obligation.
   • Otherwise use the personal data, internally, in a lawful manner that is compatible with the context in which you provided the information.
4. Right to Opt-Out/In: You have the right to opt-out of the sale of your personal data. You also have the right to opt-in to the sale of personal data. However, we do not sell your personal data.
5. Right to Non-Discrimination: You have the right not to receive discriminatory treatment by us for the exercise of your CCPA privacy rights. Unless permitted by the CCPA, we will not:
   • Deny you goods or services.
   • Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
   • Provide you a different level or quality of goods or services.
   • Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

   To exercise your California privacy rights described above, please submit a verifiable request to us through our CCPA Rights Request Form or emailing us at privacy@myworkdoc.com.

   Only you, or a person authorized by you to act on your behalf, may make a verifiable consumer request related to your Personal Information.

   You may only make a verifiable consumer request for Right to Know or Data Portability twice within a 12-month period. The verifiable consumer request must:

   • Provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Information or an authorized representative. We will need to verify your identity with at least two (2) pieces of information, such as name and date of birth.
   • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

   We may deny your request if we are unable to verify your identity or have reason to believe that the request is fraudulent.

   Consumer Request by an Authorized Agent

   If an authorized agent submits a consumer request on your behalf, the agent must send an email to privacy@myworkdoc.com with proof that you gave the agent appropriate permission as required under applicable law to submit the request on your behalf. We may also require, as permitted by applicable law, that you email privacy@myworkdoc.com to confirm that the agent is permitted to submit the request on your behalf.

   We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you. We will only use Personal Information provided in a verifiable consumer request to verify the request's identity or authority to make the request.

   We will acknowledge receipt of the request within ten (10) days of its receipt. We will respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. Any disclosures we provide will only cover the 12-month period preceding the receipt of the verifiable consumer request. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For Data Portability requests, we will provide the responsive information in a portable and, to the extent technically feasible, in a readily useable format that allows you to transmit the information to another entity without hindrance.

   We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

c. Your Nevada Privacy Rights

Nevada law permits our users who are Nevada consumers to request that their personal data not be sold (as defined under applicable Nevada law), even if their personal data is not currently being sold. Requests may be sent to privacy@myworkdoc.com and are free of charge.

4. YOUR CHOICES

You have choices about certain information we collect about you, how we communicate with you, and how we process certain personal data. When you are asked to provide information, you may decline to do so; but if you choose not to provide information that is necessary to provide some of our Services, you may not be able to use those Services. In addition, it is possible to change your browser settings to block the automatic collection of certain information.

1. Communications Opt-Out. You may opt out of receiving marketing or other communications from us at any time through a given communications channel by following the opt-out link or other unsubscribe instructions provided in any email message received, by contacting us as provided at the end of this Privacy Notice. You may also control the notification you receive from us through the settings in the app or customer portal.
2. Location Information. If you want to limit or prevent our ability to receive location information from you, you can deny or remove the permission for certain Services to access location information or deactivate location services on your device. Please refer to your device manufacturer or operating system instructions for instructions on how to do this.

5. PROTECTING PERSONAL DATA

We use reasonable and appropriate physical, technical, and organizational safeguards designed to promote the security of our systems and protect the confidentiality, integrity, availability, and resilience of personal data. Those safeguards include: (i) the encryption of personal data where we deem appropriate; (ii) taking steps to ensure