Subject Well Privacy Notice

Effective Date: January 9, 2020

I. GENERAL

This privacy notice sets out how SubjectWell, Inc. and its group entities (“SubjectWell” or “we”) use and
protect any information that you provide to SubjectWell when you visit our website(s)
https://www.subjectwell.com/,
https://www.healthintel.co/, and
https://www.trials.world/ (collectively “the Site”)
and correspond with us. Occasionally you may choose whether or not to provide or disclose Personal Information
in connection with your use of the Site. If you choose not to provide the Personal Information we request, you
may still visit and use parts of the Site, but may be unable to access or use certain features, options,
programs, and services. If you would like to know about the privacy practices relating to our clinical trial
participant recruitment services, please visit our
privacy statement.

II. WHAT WE MEAN BY “PERSONAL INFORMATION”

For purposes of this Privacy Notice, “Personal Information” means any information from or about a person that
either identifies that person directly or that makes that person identifiable when it is combined with other
information from or about that person from any source.

III. WHAT PERSONAL INFORMATION DO WE COLLECT?

(1) Information Collected Automatically

Certain information is collected automatically on the Site by means of various software tools. We have a
legitimate interest in using such information to assist in log-in, systems administration purposes,
information security and abuse prevention, to track user trends, and to analyze the effectiveness of the Site.
Alone or in combination with other information, such automatically collected information may constitute
Personal Information. Some of our service providers (described in Section V, below) may use cookies or other
methods to gather information regarding your use of the Site. Such third parties may use these cookies or
other tracking methods for their own purposes by relating information about your use of the Site with any
Personal Information about you that they may have. The use of such information by a third party depends on the
privacy policy of that third party.

a) Log Files on The Site. The information inside the log files includes internet protocol (“IP”) addresses,
type of browser, Internet Service Provider (“ISP”), date/time stamp, referring/exit pages, clicked pages and
any other information your browser may send to us.

b) Cookies. We use cookies to make interactions with the Site easy and meaningful. When you visit the Site,
our servers may send a cookie to your computer. Standing alone, cookies do not personally identify you; they
merely recognize your web browser.

We may use cookies that are session-based and persistent. Session cookies exist only during one session. They
disappear from your computer when you close your browser software or turn off your computer. Persistent
cookies remain on your computer after you close your browser or turn off your computer. Please note that if
you disable your web browser’s ability to accept cookies, you will be able to navigate the Site, but you may
not be able to successfully use all of the features of the Site.

The following sets out how we may use different categories of cookies and your options for managing cookie
settings:

Type of Cookies Description Managing Settings
Required cookies Required cookies enable you to navigate the Site and use its features, such as accessing secure areas of
the Site and using our services. If you have chosen to identify yourself to us, we use cookies containing
encrypted information to allow us to uniquely identify you. Each time you log into our Site, a cookie
containing an encrypted, unique identifier that is tied to your account is placed on your browser. These
cookies allow us to uniquely identify you when you are logged into the Site and to process your online
transactions and requests.
Because required cookies are essential to operate the Site, there is no option to opt out of these
cookies.
Performance cookies These cookies collect information about how you use our Site, including which pages you go to most often
and if they receive error messages from certain pages. These cookies do not collect information that
individually identifies you. Information is only used to improve how the Site functions and performs. From
time-to-time, we may engage third parties to track and analyze usage and volume statistical information
relating to individuals who visit the Site. We may also utilize Flash cookies for these purposes.
To learn how to opt out of performance cookies using your browser settings, click
here. To learn how to manage privacy and
storage settings for Flash cookies, click
here.
Functionality cookies Functionality cookies allow our Site to remember information you have entered or choices you make (such
as your username, language, or your region) and provide enhanced, more personal features. These cookies
also enable you to optimize your use of the Site after logging in. These cookies can also be used to
remember changes you have made to text size, fonts and other parts of web pages that you can customize. We
may use local shared objects, also known as Flash cookies, to store your preferences or display content
based upon what you view on the Site to personalize your visit.
To learn how to opt out of functionality cookies using your browser settings, click
here. To learn how to manage privacy and
storage settings for Flash cookies, click
here.
Targeting or Advertising cookies From time-to-time, we may engage third parties to track and analyze usage and volume statistical
information from individuals who visit the Site. We sometimes use cookies delivered by third parties to
track the performance of our advertisements. For example, these cookies remember which browsers have
visited the Site. By way of example, as you browse the Site, advertising cookies may be placed on your
computer so that we can understand what you are interested in. Our advertising partners then enable us to
present you with retargeted advertising on other sites based on your previous interaction with the Site.
Third parties, with whom we partner to provide certain features on the Site or to display advertising
based upon your web browsing activity, use Flash cookies to collect and store information. Flash cookies
are different from browser cookies because of the amount of, type of, and how data is stored.
To learn more about these and other advertising networks and their opt out instructions, click
here. To learn how to manage
privacy and storage settings for Flash cookies, click
here.

Google Analytics is an element of the Site. By using cookies, Google Analytics collects and stores data such
as time of visit, pages visited, time spent on each page of the Site, the IP address, and the type of
operating system used in the devices used to access the Site. By using a browser plugin available at
http://www.google.com/ads/preferences/plugin/
provided by Google, you can opt out of Google Analytics.

(2) Information You Provide to Us

When you use the Site or otherwise communicate with us, we collect information that you provide to us
directly. For example, we collect information in the following circumstances: when you contact us via the
Site; when you apply for a job on the Site and when you otherwise communicate with us.

The data you provide to us directly may include, without limitation, the following information that may,
alone or in combination with other data, constitute Personal Information:

  • Information you provide through our ‘Contact’ section, including your name, company, e-mail, phone number,
    and any other information you decide to provide;
  • Information you provide via email or using the contact details listed on various parts of the Site,
    including your name, phone number, and any other information you provide to us;
  • If you are one of our customers, suppliers, or prospects, or interested in serving as an investigator of a
    clinical trial, we may process limited Personal Information in the course of our business relation with you,
    for example when you place an order, sign up for a webcast, request a demo, or the like. Such Personal
    Information may include your name, company, title, e-mail address, telephone number, address, and order
    details; and
  • Other information: We may also collect any other information you may want to share with us. Moreover, if
    you contact us, a record of this correspondence may be kept.

 

(3) Information Received From Third Parties

We may also obtain data from third-party sources such as our customers, vendors such as human resources
service providers, data providers, and credit bureaus, where permitted by law. Our data providers include, not
by way of limitation Human API. For more information, please visit
https://www.humanapi.co/.

SubjectWell does not buy or sell Personal Information. 

IV. PURPOSES FOR OUR COLLECTION AND USE OF PERSONAL INFORMATION

If you submit or we collect Personal Information through the Site, then such Personal Information may be used
in the following ways: (i) to provide, analyze, administer, develop, and improve the Site; (ii) to contact you
in connection with the Site and notifications, events, programs or offerings that you may have registered for;
(iii) to send you updates and promotional materials that you have registered for; (iv) for recruiting and
other human resources-related purposes; (v) to identify and authenticate your access to the parts of the Site
that you are authorized to access; (vi) for our legitimate interests of documenting and managing our internal
administration; and (vii) to protect the rights and/or our property and to ensure the technical functionality
and security of the Site.

With your consent (unless otherwise permitted by applicable law) we use the Personal Information you provide
us via the Site to send you information on our products and services, special offers and other information
based on the interests that you have indicated to us. You have the right to opt out of getting those messages.
If you do not wish to receive these messages, click the unsubscribe link in your email. Please note that these
selections are not permanent; they may be changed in the event you register for other products or services and
consent to receive marketing messages. You may also email us at
privacy@subjectwell.com for assistance.

In addition to the above, we use the Personal Information in order to comply with applicable laws and for our
legitimate purposes of protection our legal rights, in connection with legal claims, and for compliance,
regulatory, and investigative purposes. This may include sharing the Personal Information with third parties,
such as governmental authorities or law enforcement officials subject to applicable law.

V. WHO DO WE SHARE PERSONAL INFORMATION WITH?

We may disclose Personal Information you provide to us or that we collect automatically on the Site with the
following categories of third parties:

  • Service providers, such as data storage service providers, marketing service providers, and communications
    service providers (e.g. Amazon Web Services);
  • Public authorities, such as law enforcement, if we are legally required to do so or if we need to protect
    our rights or the rights of third parties; and
  • Our subsidiaries and affiliates; or a subsequent owner, co-owner or operator of the Site and their
    advisors in connection with a corporate merger, consolidation, restructuring, the sale of substantially all
    of our stock and/or assets, or in connection with bankruptcy proceedings, or other corporate reorganization,
    in accordance with this Privacy Notice.

VI. THIRD PARTY PRACTICES

The Site may contain links to other sites, which are not owned or operated by us or our affiliates. We
provide such links only as a convenience, and the inclusion of a link on the Site does not imply our
endorsement of the linked site. Other sites may also reference or link to our Site. If you provide any
Personal Information through a third-party website, your transaction will occur on such third party’s website
(not our Site) and the Personal Information you provide will be collected by, and controlled by the privacy
policy of, that third party. We are not responsible for the privacy practices or the content of such
third-party websites, including such websites’ use of any Personal Information that you provide to them.

VII. INDIVIDUAL RIGHTS

Where we process Personal Information, individuals are entitled to ask us for an overview of the Personal
Information we have about them and also to access, correct or delete certain Personal Information, restrict
processing of their Personal Information, or to ask us to transfer some of Personal Information to other
organizations. Certain individuals can also object to some processing of their Personal Information, e.g.
processing based on our legitimate interest, and, where we have asked for their consent, they can withdraw
their consent at any time. Insofar as Personal Information about them is processed, certain individuals also
have a right to know more about the protection we apply when transferring Personal Information to non-European
Economic Area countries.

Note that we are not legally obligated to agree to such requests in all circumstances, and in certain
circumstances, agreeing to a request may be infeasible – for example, a deletion request when we are required
by law to maintain the Personal Information. Please also note that we are not able to act on any of the above
requests if we are not in a position to identify an individual filing such request.

Where applicable, these rights can be exercised by sending us an email through the contact details further
below. Depending on where you live, you may have a right to lodge a complaint with a supervisory authority or
other regulatory agency if you believe that we have violated any of the rights concerning Personal Information
about you. We encourage you to first reach out to us at
privacy@subjectwell.com so we have an opportunity to address your
concerns directly before you do so. We are committed to compliance with the General Data Protection Regulation
(“GDPR”) where applicable, so please contact us through the details listed below if you have any questions
about these rights.

VIII. FOR CALIFORNIA RESIDENTS

California Civil Code Section 1798.83 permits users of the Site who are California residents to request
certain information regarding our disclosure of Personal Information to third parties for their direct
marketing purposes. To make such a request, please contact us at
privacy@subjectwell.com.

IX. INTERNATIONAL TRANSFERS OF PERSONAL INFORMATION

SubjectWell is a U.S.-based company with domestic and international business clients. As a result, Personal
Information that we collect on the Site may be transferred to our U.S. offices to permit us to comply with our
legal and contractual obligations, to provide information and services to prospective and current clients, and
to perform related business activities. In addition, we may work with third-party service providers in the
U.S. and in other countries to support our business activities. Thus, Personal Information may be transferred
to, stored on servers in, and accessed from the United States and countries other than the country in which
the Personal Information was initially collected. In all such instances, we use, transfer, and disclose
Personal Information solely for the purposes described in this Privacy Notice.

X. TRANSFERS OF PERSONAL INFORMATION FROM THE EU OR SWITZERLAND TO THE UNITED STATES

SubjectWell complies with the EU-US Privacy Shield Framework and Swiss-US Privacy Shield Framework
(collectively, “Privacy Shield”) as set forth by the US Department of Commerce regarding the collection, use,
and retention of Personal Information from European Union (the “EU”) member countries and Switzerland.
SubjectWell has certified to the Department of Commerce that it adheres to the Privacy Shield Principles of
Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access,
and Recourse, Enforcement, and Liability. A violation of our commitment to Privacy Shield may be investigated
by the Federal Trade Commission and/or the United States Department of Commerce. If there is any conflict
between the policies in this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles
shall govern. To learn more about the Privacy Shield program, and to view our certification page, to the
extent available, please visit
https://www.privacyshield.gov or
https://www.privacyshield.gov/participant?id=a2zt0000000PKQpAAO&status=Active.

In compliance with the Privacy Shield Principles, SubjectWell commits to resolve complaints about your
privacy and our collection or use of Personal Information about you. Persons from the EU or Switzerland who
have inquiries or complaints regarding this Statement should first contact us via email at:
privacy@subjectwell.com.

SubjectWell has committed to refer unresolved privacy complaints under the EU-US Privacy Shield Principles to
JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely
acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit
https://www.jamsadr.com/eu-us-privacy-shield
for more information and to file a complaint.

These recourse mechanisms are available at no cost to you. Damages may be awarded in accordance with
applicable law. Please note that if your complaint is not resolved through these channels, under limited
circumstances, a binding arbitration option may be available before a Privacy Shield Panel. Pursuant to the
Privacy Shield, SubjectWell remains potentially liable for the transfer of Personal Information to third
parties acting as our agents unless we can prove we were not a party to the events giving rise to the
damages.

In cases of onward transfer to third parties of Personal Information of EU individuals received pursuant to
the EU-US and Switzerland-US Privacy Shield, SubjectWell is potentially liable.

XI. DATA RETENTION

We keep Personal Information related to your client account for as long as it is needed to fulfill the
purposes for which it was collected, to provide our services, to deal with possible legal claims, to comply
with our business interests and/or to abide by all applicable laws. Thereafter, we either delete Personal
Information about you or de-identify it. Please note that even if you request the deletion of Personal
Information about you, we may be required (by law or otherwise) to retain the Personal Information and not
delete it. However, once those requirements are removed, we will delete Personal Information about you in
accordance with your request.

XII. DATA SECURITY

The security of Personal Information is important to us. We follow generally accepted industry standards to
protect the Personal Information submitted to us, both during transmission and once we receive it. However, no
method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, while we
strive to use commercially acceptable means to protect Personal Information, we cannot guarantee its absolute
security.

XIII. CHILDREN

The Site is not intended for children under the age of 13. Accordingly, we do not intend to collect Personal
Information from anyone we know to be under 13 years of age.

XIV. CHANGES TO THE PRIVACY NOTICE

This Privacy Notice may change from time to time, effective from the date mentioned in the updated version of
the Privacy Notice. Please check the Site periodically to review such changes in the Privacy Notice. We may
email periodic reminders of our agreements and policies in the event of a change.

XV. CONTACT US

If you have any questions or concerns about this Privacy Notice or about SubjectWell’s privacy or data
security practices, please contact us or our Data Protection Officer via the following:

E-mail: privacy@subjectwell.com

Address:

7000 N MoPac Expy

Ste 330

Austin, TX 78731

USA

You can also contact our representative in the European Union:

European Data Protection Office (EDPO):
Name: Lucia Canga Roza
E-mail: lucia.canga@edpo.brussels
Phone number: +32 499 24 28 45