Privacy Policy

Last Update: January 16th, 2020

SideFacts and its affiliates (collectively “Company” “we” or “us”) respect the privacy of its users, including its registered members, (“User(s)” or “you”), and are committed to protect the personal information that you share with us in connection with the use of www.sidefacts.health (The “Website” or “Site”), the App, and/or the Service (as defined in the TOU). This Privacy Policy (the “Privacy Policy”) is intended to describe our practices regarding the information we may collect from you when you use the Service, the manners in which we may use such information, and the options and rights available to you. We believe that sharing experiences with one another may improve understanding in health and treatments and helps to form a better support network for Users. Since this may include you sharing sensitive information about your health, we also believe it is important to be transparent about our privacy policies. Capitalized terms which are not defined herein, shall have the meaning ascribed to them in our Terms of Use available at https://www.sidefacts.live/tos (the “TOU”), which this Privacy Policy is incorporated thereto by reference.

YOUR CONSENT – PLEASE READ CAREFULLY

By entering, connecting to, accessing and/or using the SideFacts services, you agree to be bound by the terms and conditions set forth in this privacy policy, including to the collection and processing of your personal information (as defined below). Please note: you are not obligated by law to provide us with any personal information. You hereby acknowledge and agree that you are providing us with personal information at your own free will, for the purposes described in Section 4 below, and that we may retain such personal information in accordance with this privacy policy and any applicable laws and regulations.

WHAT INFORMATION MAY WE COLLECT FROM OUR USERS?

We may collect different types of data and information from our Users: The first type of information is non-identifiable and anonymous information (“Non-personal Information”). We are not aware of the identity of the User from which we have collected the Non-Personal Information. Non-Personal Information is any unconcealed information which is available to us while Users are using the Service. Non-personal Information which is being gathered consists of technical information and behavioral information (e.g the browser type and version, device type). The second type of information is individually identifiable information (“Personal Information”). This information may identify an individual or may be of a private and/or sensitive nature. Personal Information which is being gathered consists of any personal details provided consciously and voluntarily by the User. The Personal Information is collected from the details the Users provide when Users wish to contact us or register as a member to the Service, which requires Users to complete a comprehensive registration survey containing the personal and medical details of the patient, as more fully described in our TOU. Types of Personal Information that Users may submit include, among others: age group, gender, location, demographic and geographic information. For avoidance of doubt, any Non-Personal Information connected or linked to any Personal Information shall be deemed as Personal Information as long as such connection or linkage exists. Personal and Non-personal Information which is being gathered in connection with your use of the Service may consist of the following: Technical Information. The User may automatically provide us with certain technical Non-personal Information and aggregated usage information, such as the User's mobile device brand and model, operating system type and version, browser information, language, screen resolution, geolocation, altitude, which Third Party Services’ applications are installed on the User’s device and User’s uses thereof through the Service, the User's manual configurations, 'click-stream', session recordings, interactions and activities on the Service, the period of time the User used the Service and related timestamps, crash and error logs, etc. We do not collect any Personal Information from you or related to you without your approval, which is obtained, inter alia, through your active acceptance of the TOU and this Privacy Policy.

HOW DO WE COLLECT INFORMATION ON OUR USERS?

There are two main methods we use: Use of the Services. We collect Non-Personal and Personal Information when you register with, access or use the Service. In other words, we are aware of your usage of the Service and may gather, collect and record the information relating to such usage. We also collect Non-Personal and Personal Information derived from information we receive from third party services and providers we work with. Voluntarily Provided. We may collect Personal Information which you voluntarily provide to us when you use the Service. We may also collect information provided via your social network account(s) in the event that you voluntarily choose to share it with us (like Facebook), through , your use of the mobile application, and may also collect Non-Personal Information through the processing, analysis and anonymization of Personal Information provided by you.

WHAT IS THE LEGAL BASIS FOR USE?

We collect, process and use your information for the purposes described in this Privacy Policy, based at least on one of the following legal grounds: With your consent: We ask for your agreement to process your information for specific purposes and you have the right to withdraw your consent at any time. When Performing our services under the TOU: We collect and process your Personal Information in order to provide you with the Service, following your acceptance of these Terms; and to maintain our Service to you. Legitimate interests: We process your information for our legitimate interests while applying appropriate safeguards that protect your privacy. This means that we process your information for things like detecting, preventing, or otherwise addressing fraud, abuse, security, usability, functionality or technical issues with our services, protecting against harm to the rights, property or safety of our properties, or our Users, or the public as required or permitted by law; enforcing legal claims, including investigation of potential violations of this Privacy Policy; In order to comply and/or fulfil our obligation under applicable laws, regulation, guidelines, industry standards and contractual requirements, legal process, subpoena or governmental request, as well as our Terms of Use.

WHAT ARE THE PURPOSES OF THE COLLECTION OF INFORMATION?

We may use information that we collect about you for the following purposes: To provide, operate and improve our Service to you such as through features such as data analytics and manage our business; To develop new services and features for our Users; To find and analyze the correlations between different groups of patients and treatments; To personalize our service to you by generating insights for our Users and connecting patients with similar conditions so that they may share their treatment histories and experiences, ensuring a better User experience; To send you updates, notices, notifications, announcements, and additional information related to the Service; To be able to manage your account and provide you with customer support; To display or send to you marketing and advertising material and general and personalized content and advertisements via the Service, email, postal mail, telephone and/or mobile devices; To develop, display, and track content and advertising tailored to your interests on our Service and other sites, including providing our advertisements to you when you visit other sites; To create cumulative statistical data and other cumulative information and/or other conclusive information that is non-personal, in which we and/or our business partners might make use of in order to operate and improve our Service and provide related services; To perform market research using deidentified and/or aggregated data. To perform and provide scientific and medical research, and improve treatment options for patients, using deidentified and/or aggregated data. With your consent, we may share your information with our Partners in the industry, government and/or academia for research purposes, as more fully described below. To perform functions or services as otherwise described to you at the time of collection; To prevent, detect, mitigate, and investigate fraud, security breaches or other potentially prohibited or illegal activities; To comply with any applicable rule or regulation and/or respond to or defend against legal proceedings brought against us or our affiliates.

SHARING INFORMATION WITH THIRD PARTIES

Third Party Services: We are partnering with a number of selected service providers, whose services and solutions complement, facilitate and enhance our own. These include hosting, database and server co-location services (e.g. Amazon (AWS)), data analytics services (Google Analytics), session replay records for analytic purposes such as crashes, functionality and usability (e.g. FullStory) and our business, legal and financial advisors (collectively, “Third Party Service Providers”). Such Third-Party Service Providers may receive or otherwise have access to your Personal Information, depending on each of their particular roles and purposes in facilitating and enhancing the Service, and may only use your Personal Information for such purposes. Such disclosure or access is strictly subject to the recipient's or user's undertaking of confidentiality obligations, and the prevention of any independent right to use this data except as required to help us provide the Service Our Partners. We will not share your personal information without your explicit consent, with our valued partners, including but not limited to those in the medical, pharmaceutical and biotechnology industries, academic institutions, and government agencies and regulatory bodies, including regulatory bodies such as the American CDC and FDA, or other national and international bodies, as applicable and as necessary. We may share only de-identified and/or aggregated information with Partners, in order to conduct scientific, and/or medical research, as part of our Service. When disclosing information to our Partners or otherwise selling user information for scientific or market research purposes, we make sure to anonymize and/or remove all Personal Information or other personally-identifying indicators in the data (de-identification) to minimize the possibility of accidental member identification. Law enforcement, legal proceedings, and as authorized by law: We may disclose or otherwise allow access to Personal Information pursuant to a legal requirement or request, such as a subpoena, search warrant or court order, or in compliance with applicable laws and regulations. Such disclosure or access may occur with or without notice to you, if we have a good faith belief that we are legally required to do so, or that disclosure is appropriate in connection with efforts to investigate, prevent, or take action regarding actual or suspected illegal activity, fraud, or other wrongdoing. Protecting Rights and Safety: We may share your Personal Information with others, with or without notice to you, in cases of emergency or if we believe in good faith that this will help protect the rights, property or personal safety of our Company, any of our Users, or any members of the general public. Our Staff and Affiliated Companies: We may share Personal Information internally at SideFacts and within our family of companies, for the purposes described in this Privacy Policy. Should we undergo any change in control, including by means of merger, acquisition or purchase of substantially all of its assets, your Personal Information may be shared with the parties involved in such an event. If we believe that such change in control might materially affect your Personal Information then stored with us, we will notify you of this event and the choices you may have via e-mail and/or prominent notice on our Website or Service. For the removal of doubt, we may share your Personal Information in additional manners, pursuant to your explicit approval, or if we are legally obligated to do so. Additionally, we may transfer, share or otherwise use non-personal information in our sole discretion and without the need for further approval.

WHERE DO WE STORE USER’S PERSONAL INFORMATION?

Information regarding the Users will be maintained, processed and stored by us and our authorized affiliates and service providers in the United States, and as necessary, in a secure cloud storage, provided by our Third-Party Service Providers. While the data protection laws in the above jurisdictions may be different than the laws of your residence or location, please know that we, our affiliates and our service providers that store or process your Personal Information on our behalf are each committed to keeping it protected and secured, pursuant to this Privacy Policy and industry standards, regardless of any lesser legal requirements that may apply in their jurisdiction. You hereby accept the place of storage and the transfer of information as described above.

USING COOKIES AND OTHER TRACKING TECHNOLOGIES

We may use certain monitoring and tracking technologies (such as “cookies” or “pixel tags”) to understand how Users use our Service, including ones offered by Third Party Service Providers. These technologies are used in order to maintain, provide and improve our Website, App and/or Service on an ongoing basis, and in order to provide a better experience to our Users. For example, these technologies enable us to: (i) keep track of and “remember” our Users’ preferences and authenticated sessions, (ii) secure our Website and/or App by detecting abnormal behaviors, (iii) identify technical issues and improve the overall performance of our Website and/or App, (iv) and create and monitor analytics. Learn more about your choices and how to opt-out of tracking technologies: Cookie policy

MINORS

To use the Service, you must be over the age of sixteen (16). SideFacts does not knowingly collect Personal Information from children under the age of sixteen (16) and does not wish to do so. We reserve the right to request proof of age at any stage so that we can verify that minors under the age of sixteen (16) are not using the Service. In the event that it comes to our attention that a person under the age of sixteen (16) is using the Service, we may prohibit and block such User from using the Service and will make all efforts to promptly delete any Personal Information with respect to such User. You warrant that you are the parent or legal guardian and have the actual authority and legal right to upload, submit, disclose or otherwise share the Non-Personal Information and/or Personal Information and/or any other form of sensitive information, of a minor child under your care. You may withdraw this consent at any time. Additionally, you may request erasure of the Personal Information.

COMPLIANCE WITH USA PRIVACY REGULATIONS

SideFacts is not a Covered Entity or Business Associate of any Covered Entity. Accordingly, any Health Information you provide voluntarily is not protected by the Health Insurance Portability and Accountability Act of 1996, and regulations promulgated there-under, including the Standards for Security and Privacy of Individually Identifiable Health Information at 45 Code of Federal Regulations Parts 160 through 164 (“Privacy and Security Regulations”), as amended from time to time, in addition to the Health Information Technology for Economic and Clinical Health Act, enacted as part of the American Recovery and Reinvestment Act of 2009, Public Law 111-005. Moreover, this Site and App is not a Medical Device, and thereby is not regulated by the Federal Food, Drug & Cosmetic Act.

SECURITY

We take great care in implementing and maintaining the security of the Service and our Users’ Personal Information. We employ industry standard procedures and policies to ensure the safety of our Users’ Personal Information, reduce the risks stemming from loss of information and prevent unauthorized use of any such information. However, we do not and cannot guarantee that unauthorized access will never occur and reiterate that no measure can provide absolute information security.

DATA RETENTION

We retain the Personal Information we collect only for as long as your registered user account exists in our system and as needed in order to provide you with our services and to comply with applicable laws and regulations. If you withdraw your consent to us processing your Personal Information, we will delete your Personal Information from our systems (except to the extent such data in whole or in part is required to comply with any applicable rule or regulation and/or to respond to or defend against legal proceedings brought against us or our affiliates).

UPDATING, OBTAINING A COPY OF, OR DELETING YOUR PERSONAL INFORMATION

If the law applicable to you grants you such rights, you may ask to access, correct, or delete your Personal Information that is stored in our systems. You may also ask for our confirmation as to whether or not we process your Personal Information. Under certain circumstances, you may have the right to restrict processing and/or object to the processing of your Personal Information. Subject to the limitations in law, you may request that we update, correct, or delete inaccurate or outdated information. You may also request that we suspend the use of any Personal Information whose accuracy you contest while we verify the status of that data. Subject to the limitations in law, you may also be entitled to obtain the Personal Information you directly provided us (excluding Information we obtained from other sources) in a structured, commonly used, and machine-readable format and may have the right to transmit such Information to another party. If you wish to exercise any of these rights, contact us with an explicit request at: [email protected] When handling these requests, we may ask for additional information to confirm your identity and your request. Please note, upon request to delete your Personal Information, we may retain such Information in whole or in part to comply with any applicable rule or regulation and/or to respond to or defend against legal proceedings brought against us or our affiliates. To find out whether these rights apply to you and for any other privacy-related matters, you can contact your local Information protection authority if you have concerns regarding your rights under local law.

CHANGES TO THE PRIVACY POLICY

The terms of this Privacy Policy will govern the use of the Service and any information collected therein. SideFacts reserves the right to change this Privacy Policy at any time, so please re-visit this page frequently. We will provide notice of substantial changes of this Privacy Policy on the homepage of the Website and/or we will send you an e-mail regarding such changes to the e-mail address that you may have provided to us. Such substantial changes will take effect seven (7) days after such notice was provided on our Website or sent by email. Otherwise, all other changes to this Privacy Policy are effective as of the stated “Last Revised” date and your continued use of the Website after the Last Revised date will constitute acceptance of, and agreement to be bound by, those changes.

GENERAL INFORMATION

This Privacy Policy, its interpretation, and any claims and disputes related hereto, shall be governed by the laws of the State of Israel, without respect to its criminal law principles. Any and all such claims and disputes shall be brought in, and you hereby consent to them being litigated in and decided exclusively by a court of competent jurisdiction located in Tel Aviv, Israel. This Privacy Policy was written in English and may be translated into other languages for your convenience. If a translated (non-English) version of this Privacy Policy conflicts in any way with the English version, the provisions of the English version shall prevail.

CONTROLLER

SideFacts are the data controllers of the Personal Information collected in connection with the use of SideFacts’s services. We have appointed a Data Protection Office (DPO) who is responsible for overseeing questions in relation to this privacy policy. If you have any questions about this privacy policy, including any requests to exercise your legal rights, please contact our DPO using the details set out below. To contact the Data Protection please contact [email protected]

CONTACT DETAILS

To exercise the rights regarding data protection, or revoke the consents given, the User may write to the email address [email protected] indicating "Data Protection" as a reference. The User may file a complaint with their national data protection authority if the User has a concern about our privacy practices, including the way we handle personal information. In addition, the User can contact our Data Protection Officer by writing to [email protected]

HAVE ANY QUESTIONS

If you have any questions (or comments) concerning this Privacy Policy, you are welcome to send us an email at: [email protected] and we will make an effort to reply within a reasonable timeframe.