METHODIQ® PRIVACY POLICY

Last Updated: March 7, 2025

Methodiq, Inc. (“Methodiq”, “we”, “us”, or “our”) respects the privacy of your Personal Data (defined below), and as such, we make every effort to ensure that your Personal Data is protected and private.

This Methodiq Privacy Policy (“Privacy Policy”) forms a part of, and fully incorporated into, our Terms and Conditions (“Terms”) and describes how we and the Medical Group use Personal Data that we collect, receive, and store about individuals in connection with the use of the website located at www.methodiq.com, and any other related or affiliated websites and mobile applications (each, together with any sub-domains, content and services, the “Sites”), as well as the various product and/or service offerings made available on the Sites (collectively, “Site Offerings”). Users with disabilities who wish to access this Privacy Policy in an alternative format can contact us by emailing us at [email protected]; or sending us U.S. mail to: Methodiq Inc., 110 Greene St., Second Floor, New York, NY 10012.

YOU SHOULD CAREFULLY READ THIS PRIVACY POLICY.

By accessing, browsing, and/or otherwise using the Sites and/or Site Offerings, you are creating a binding contract between you and us, and you are acknowledging that you have read, understood, and agreed to be bound by this Privacy Policy, in its entirety. If you do not agree with the terms and conditions of this Privacy Policy in their entirety and/or would prefer that we not collect, use, or disclose your Personal Data as described herein, you should not use the Sites and/or Site Offerings, or otherwise provide us with any information. Capitalized terms used but not defined herein shall have the same meanings as defined in the Methodiq Terms of Service.

INTRODUCTION

This Privacy Policy explains our online information practices and the choices you can make about the way your Personal Data is collected and used in connection with our Sites.

When we refer to “Personal Data” in this Privacy Policy, we are referring to any information that may be used, either alone or in combination with other information, to personally identify an individual, as well as the personal or material circumstances of an identified or identifiable individual. Different states, jurisdictions define Personal Data (and similar terms, such as personal information and personally identifiable information) to include different things, but Personal Data includes information, such as first and last name, email address, home or other physical address, telephone number, and other contact information. It may also include your computer or mobile device IP address, and geo-location information, if such data can be linked to a particular person.

This Privacy Policy applies only to Personal Data and other information provided by you and/or collected by us through the Sites. It does not apply to Personal Data and/or other information that we, or other parties, may collect through other means, such as through any business relationship between you and us. Other than where mandated by applicable law, this Privacy Policy also does not apply to information that you submit on other websites, even if we communicate with you on those other websites or provide a link to those websites through our Sites. For example, if you login via or post something on Facebook®, LinkedIn®, Twitter®, or other social media or networking sites, that information is governed by the privacy policies of those websites, not by this Privacy Policy.

PERSONAL DATA WE COLLECT ABOUT YOU

We collect Personal Data that you provide to us (e.g., during the registration, email submission, and/or checkout process) to fulfill your request to receive additional information or for the purpose of handling the contractual relationship that you have with METHODIQ®. We only use and store your Personal Data if we have a legal basis for doing so, including where you have given us your express consent, where we have a legitimate business interest or pursuant to a contractual relationship between you and METHODIQ®. Please be advised that users may withdraw consent at any time by using the options made available in this Privacy Policy.

SUPPLEMENTAL SECTIONS APPLICABLE TO CERTAIN JURISDICTIONS:

PRIVACY PROVISIONS FOR CALIFORNIA RESIDENTS

PRIVACY PROVISIONS FOR NON-CALIFORNIA US RESIDENTS

CONSUMER HEALTH DATA PRIVACY POLICY

HOW AND WHY WE COLLECT PERSONAL DATA

Please see our Provisions for California Residents below for additional details regarding the categories of Personal Data collected, and the business purposes for such collection.

Providing Personal Data is Your Choice. However, if you choose to make use of the Sites, you may need to provide certain Personal Data to us. If you choose not to provide mandatory Personal Data, you may still visit parts of our Sites but you may be unable to access certain Site Offerings, options, programs, offers, and services that involve our interaction with you. If you do provide us with Personal Data as described below, you agree that it will be accurate and complete, and it is your responsibility to keep it current.

The types of Personal Data you may be asked to provide, and the circumstances in which we request it, are described below. We present the information below based on the categories of information collected, but please be aware that similar specific pieces of information may apply to multiple categories. For example, your name and email address may be included within each of the “Identification and Contact Information”, “Billing Information”, and “User-Provided Information” categories described below.

1. Identification and Contact Information.
   • a. This is information that identifies you as an individual, such as your first and last name, date of birth, driver’s license (or other government identification) information, and information that enables us to contact you, such as an email address, mailing address, or phone number, as well as information about Site pages and products you have browsed, and actions taken on these pages. This information is generally collected when you: (i) create an account with us; (ii) contact us using the Sites; (iii) provide answers to quizzes and/or surveys provided by us; (iv) access the Sites from certain marketing material, links and emails; (v) request to receive newsletters and other materials; (vi) submit a product review; (vii) make a purchase (or attempt to make a purchase, but do not complete the purchase process); and (viii) participate in interactive features of the Sites, including but not limited to when you use the Medical Group’s Provider consultation services.
   • b. Below is some additional information on how we collect this information:
     • i. Account Creation: During your use of our Sites, and in order to use certain Site Offerings, you may choose, or be required, to create an account and fill in required forms referred to herein as an “Account.” We may offer different options to create an Account, including:
       • 1. Direct registration, where you input your Personal Data to complete and submit a registration form directly on our Sites.
       • 2. Upon purchasing any Methodiq products and/or services and/or upon subscribing to our Auto-Refill Subscription service, an Account will automatically be created for you so that you may access, manage and cancel your subscription.
       • 3. Registration using third party accounts, where you use a “login with…” (or similar) button that we display on our Sites for a designated third party service, referred to herein as a “Third Party Account”, such as Facebook® or Google®. Doing so will enable you to link your Account and your Third Party Account. If you choose this option, then you will be required to approve the connection as well as the types of information (which may include Personal Data) that we will obtain from your Third Party Account and the types of activities that we may perform in connection with your Third Party Account. Please note that in order to use this option, you will need to have, and may need to be signed-in to, an existing Third Party Account.
     • ii. Share with Friends Services: Our Sites may allow you to invite friends to use our Sites by sending them an invitation email or message. You may do so by:
       • 1. Using our Sites to send or post an invitation message via your Third Party Account; and/or
       • 2. Using our Sites to send an invitation email to your friend’s external email address (for example, a Gmail address).
       • 3. If you send or post an invitation message to a friend, we may collect Personal Data about the recipient, such as their email address or Third Party Account user name and ID. Your name and/or email address may also be included in their invitation or email message. If we collect Personal Data about the recipient of an invitation from you, we will only use such Personal Data for the one (1) time purpose of sending the subject invitation message, and for no other purpose.
     • iii. Interactive Site Services: Our Site may from time to time offer interactive services that allow or request you to submit information about yourself in order to receive information, products, and services from us. For example, to use certain Site Offerings, you may elect to submit, or we may ask you to provide pictures of yourself.
   • c. We collect and use Identification and Contact Information:
     • i. for purposes of verifying your identity when you create an Account, make a purchase, or access certain Site Offerings and/or other features of our Sites;
     • ii. for purposes of providing you with Site Offerings, products, services, or content you have purchased, used, or otherwise engaged with;
     • iii. for purposes of contacting you regarding your use of the Site Offerings, purchases, or your Account, which may include providing updates and/or seeking feedback on our products;
     • iv. for purposes of sharing invitations and messages with your friends at your request;
     • v. for purposes of responding to your inquiries and administrative requests;
     • vi. subject to your right to opt out and subject to applicable law, for purposes of sending you newsletters and other marketing and promotional communications that we believe may be of interest to you;
     • vii. for purposes of targeting you with relevant ads on third party media companies;
     • viii. for purposes of providing and improving our Sites and associated Site Offerings; and
     • ix. for internal business purposes, such as analysing and managing our service offerings including, without limitation, the Site Offerings.

   We may also combine the information we have gathered about you with information from other sources.

   • d. At times, we may want to contact you via telephone regarding your use of the Site Offerings. By submitting your Personal Data by and through the Sites and/or Site Offerings, you agree that such act constitutes an inquiry and/or application for purposes of the Amended Telemarketing Sales Rule (16 CFR §310 et seq.), as amended from time to time (the “Rule”) and applicable state do-not-call regulations. As such, notwithstanding that your telephone number may be listed on the Federal Trade Commission’s Do-Not-Call List, and/or on applicable state do-not-call lists, we retain the right to contact US residents via telemarketing in accordance with the Rule and applicable state do-not-call regulations.
2. Photo Data.
   • a. You may be offered the opportunity to submit a photograph (“Photograph”) in order for us to identify skin conditions and properties. We may apply software and algorithms against the Photographs to detect the general structure of your face (“Structural Data”, together with the Photograph, the “Photo Data”) and generate data derived from your Photo Data that has been de-identified, anonymized, and/or aggregated as those terms are defined by applicable law (“Derived Data”) as legally permitted.
   • b. We only collect Photo Data if you provide it to us through your mobile device, computer or other digital transfer as part of our quizzes or other Site Offerings.
   • c. We use Photo Data and Derived Data to (i) to share with the Medical Groups so they can provide treatment and / or (ii) for research, product development, general Service improvements, and other legal purposes.
   • d. Our legal basis for processing Photo Data provided by you to us is our legitimate business interests, specifically our ability to improve our existing and future Site Offerings and Services.
   • e. Unless required to retain Photo Data to comply with the law or defend our rights, we will delete Photo Data upon the earlier of: (1) the initial purpose for collecting or obtaining such Photo Data being satisfied, or (2) 5 years since of your last interaction with Methodiq.
3. Billing Information.
   • a. Our Sites include the option to purchase products or services from us, as a standard sale, as part of our Auto-Refill Subscription plan, and as part of our try-before-you-buy program. If you choose to make any kind of purchase, we will require sufficient information from you to complete the transaction. Such information could include a credit card number and related account and billing information, invoice related information, and other data required to process the order. Please note that credit card information is considered “Sensitive Data” for purposes of this Privacy Policy.
   • b. We collect and use this type of information for the purpose of processing required payments.
   • c. Methodiq may utilize third-party service providers to provide payment processing services. If you choose to purchase products and/or services via the Sites, the payment method information provided will either be collected directly by the applicable third-party payment processor(s), or we will disclose that payment method information to those contracted third-party payment processor(s). Methodiq requires that its third-party payment processing service provider(s) has/have in place privacy policies and practices consistent with this Privacy Policy; provided, however, that we cannot guarantee the privacy practices of our third-party payment processing service provider(s).
   • d. We will retain this information for as long as necessary to complete your purchase and/or to process any return, unless you have opted to save your billing information. If you do so, we will retain the information for as long as you maintain your Account.
4. User-Provided Information.
   • a. Some parts of our Sites may enable you to build a public profile in connection with your Account, referred to herein as a “Public Profile.” Your Public Profile may include your name and other information that you choose to include in your Public Profile, such as your gender and profile picture. Our Sites may also include interactive features or pages that allow users to submit product reviews or upload content. If you participate in any of these interactive areas, we will collect whatever Personal Data you choose to include.
   • b. We collect and use this information for the purpose of allowing our customers and fans to engage with us, the Medical Group, and others through the Sites.
   • c. Our legal basis for processing this information is our legitimate business interests, specifically our ability to operate an interactive platform that allows our customers and others to receive the Site Offerings, learn more about our products and for us to learn more about our customers’ needs and preferences with respect to our existing or future product lines.
   • d. We will retain this information for as long as we have a business need to do so, unless a longer period is required by law. Note that while you can, in some circumstances, request removal of this type of information, in some cases we may not be able to remove Personal Data that you voluntarily disclose due to technical limitations. We will inform you if we cannot remove information as requested.
   • e. A Special Note About User-Provided Information. If you create a Public Profile or use other interactive features of the Sites, or engage with us via any social media websites, the information (including Personal Data) that you submit may be seen and used by others for as long as the applicable web pages remain active, and may be visible longer if pages are cached (depending on your privacy settings associated with your accounts with the applicable social media websites). This information may be used by other end-users of the Sites or the public to send you unsolicited messages. We provided notices and tools on our Sites to inform you of which content may be publicly available. However, we are not responsible for the Personal Data that you choose to post in this manner, and we encourage you to think carefully before posting anything in any public area of our Sites, and only to post information that you are sure you want to be accessible to everyone. Further, the social media websites operate independently from us, and we are not responsible for such social media websites’ interfaces or privacy or security practices. We encourage you to review the privacy policies and settings of the social media websites with which you interact to help you understand those social media websites’ privacy practices. If you have questions about the security and privacy settings of any social media websites that you use, please refer to their applicable privacy notices or policies.
5. Location Information.
   • a. We may provide certain location-based services, or “Location Services”, through our Sites that are dependent on data related to the geographic location, or the Location Data, of your mobile device and/or other device through which you are accessing our Sites. You should be able to use the settings on your mobile device or other device to turn off location-sharing features.
   • b. We collect this information for purposes of offering the Location Services on our Sites so that we can provide the applicable location-based content and any location-based Site Offerings to you.
   • c. Our legal basis for processing this information is our legitimate business interests, specifically our ability to provide products and services that are applicable in the area in which our users are accessing and using the Sites.
   • d. We will retain this information for only as long as the location services are active on your device.
6. Log Files.
   • a. We may (directly or through third parties) make use of log files. The information inside the log files includes internet protocol (IP) addresses, type of browser, Internet service provider (ISP), date/time stamp, referring/exit pages, clicked pages, and any other information that your browser may send to us.
   • b. We may (directly or through third parties) use such information to analyze trends, administer our Sites and/or Site Offerings, track users’ movement around our Sites, and gather information.
7. Cookies and Other Tracking Technologies.
   • a. Our Sites utilize “cookies,” anonymous identifiers and other tracking technologies which enable us to provide you with information that is customized for you.
   • b. For more information, see the “Cookie Policy” section of this Privacy Policy.
8. Analytics Services.
   • a. Our Sites may use the tools described below (the “Analytics Services”) to collect information about the use of our Sites, such as how often users visit our Sites, what pages they visit when they do so, and what other sites they used prior to visiting our Sites. We use the information we collect from the Analytics Services to maintain and improve our Sites and our products and services.
   • b. The Analytics Services we use include, but are not limited to:
     • i. Google® Analytics. Our Sites may use a tool called “Google Analytics®.” We may combine the information collected through the use of Google Analytics® with Personal Data. Google’s® ability to use and disclose information collected by Google Analytics® about your visits to and use of our Sites is restricted by the Google Analytics® Terms of Service, available here, and the Google® Privacy Policy, available here. You may learn more about how Google® collects and processes data specifically in connection with Google Analytics® here. You may prevent your data from being used by Google Analytics® by downloading and installing the Google® Analytics Opt-out Browser Add-on, available at here.
     • ii. Our Sites may use an analytics tool called “Hotjar®.” Hotjar’s® use of information collected through its analytics tools is set forth in the Hotjar® privacy policy available here. You may also opt-out of Hotjar® analytics tracking by visiting the Hotjar® Opt-Out Page, available here.
     • iii. Our Sites may use a marketing cloud and affiliate program tool called “Impact”. Impact’s use of information and privacy policy can be found here.
     • iv. Google Optimize. Our Sites may use an A/B Testing tool called Google Optimize. Google Optimize’s use of information and privacy policy can be found here.
     • v. Facebook Analytics. Our Sites may use a web analysis tool called Facebook Analytics. Facebook Analytics’ use of information and privacy policy can be found here.
     • vi. Our Sites may use a web analysis tool called Braze®. Braze’s® use of information and privacy policy can be found here.
     • vii. Our Sites may use a web analysis tool called Amplitude®. Amplitude’s® use of information and privacy policy can be found here.
     • viii. Our Sites may use a tool called “BigQuery®.” BigQuery® is owned and operated by Google®. We may combine the information collected through use of BigQuery® with Personal Data. Google’s® ability to use and disclose information collected by BigQuery® about your visits to and use of our Sites is restricted by the Google® Privacy Policy, available here. You may learn more about how Google® collects and processes data specifically in connection with BigQuery® here.

Facebook® is a registered trademark of Facebook, Inc. (“Facebook”). BigQuery®, Google® and Google Analytics® are registered trademarks of Google, Inc. (“Google”). Hotjar® is a registered trademark of Hotjar Ltd. (“Hotjar”). Braze® is a registered trademark of Braze, Inc (“Braze”). Amplitude’s® is a registered trademark of Amplitude, Inc (“Amplitude”). Please be advised that Methodiq® is not in any way affiliated with Facebook, Google, Hotjar Braze, Amplitude, nor are the Site Offerings endorsed, administered or sponsored by any of the foregoing entities.

HOW AND WHY WE MAY CONTACT YOUR MOBILE DEVICE

At times, we may want to contact you via your mobile device regarding your use of the Site Offerings.

Where you provide “prior express consent” within the meaning of the Telephone Consumer Protection Act (47 USC § 227), and its implementing regulations adopted by the Federal Communications Commission (47 CFR § 64.1200), as amended from time-to-time (“TCPA”), you consent to receive telephone calls, including artificial voice calls, pre-recorded messages, calls, and/or SMS text messages delivered via automated technology, to the telephone number(s) that you provided.

Please note that you are not required to provide this consent in order to obtain access to the Site Offerings, and your consent simply allows Methodiq to contact you via these means.

The frequency of SMS text messages that you receive from us may vary. Standard message and data rates may apply. Where you provide your consent as set forth above, you represent that you are the line subscriber and primary user of the telephone number that you provided (“Active Telephone Number”) and, as such, have the authority to agree to receive SMS text messages on the Active Telephone Number. Please be advised that by agreeing to this Privacy Policy, you are obligated to immediately inform us if and when your Active Telephone Number changes. Without limiting the foregoing, if you: (a) have your Active Telephone Number reassigned to another person or entity; (b) give up your Active Telephone Number so that it is no longer used by you; (c) port your Active Telephone Number to a landline or vice versa; or (d) otherwise stop using your Active Telephone Number for any reason (collectively “Phone Number Change”), you agree that you shall promptly notify Methodiq of the Phone Number Change via e-mail at: [email protected], or by using one of the methods set forth in the “Contact Us” section below.

Our legal basis for processing this Personal Data is our legitimate business interests, specifically our ability to provide you with the requested Site Offerings, to offer you our products and services, and to promote our Site Offerings (including cart reminders) and the content of our Sites.

We will retain this Personal Data for as long as we continue to have a business purpose for doing so (which will be at least as long as you continue to maintain an Account), unless a longer period is required by law. Such business purposes may include legal, taxation, accounting, risk management, and other purposes.

To stop receiving text messages from Methodiq, please reply “STOP” to the text message that you received from us. Please note this preference will only apply to the phone number that received the text message. Please reply “HELP” to receive help information.

Please promptly notify Methodiq of any change to the mobile telephone number provided to us via e-mail at: [email protected], or by using one of the methods set forth in the “Contact Us” section below.

HOW AND WHY WE DISCLOSE PERSONAL INFORMATION

Please see our Provisions for California Residents below for additional details regarding how we disclose Personal Data that we collect.

We may disclose Personal Data to third parties in the following circumstances:

• 1. Sharing Personal Data with Affiliates.

We may transfer your Personal Data to other companies within our group, including our subsidiaries, affiliates, and/or related companies, for the purpose of storing, using or processing such information on our behalf. We require that these parties agree to process such information in compliance with this Privacy Policy.

• 2. Sharing Personal Data with Third Parties.
  • 1. We may disclose your Personal Data to our third party service providers and partners, but only to assist us with our business operations and to provide our Site Offerings to you and other users. For example, our service providers may process payments made when you make purchases, deliver products you have ordered, or handle our data management, email distribution and analytics. We use commercially reasonable efforts to only engage or interact with third party service providers and partners that post a privacy policy governing their processing of Personal Data.
  • 2. We may disclose your Personal Data to our third party media partners in an anonymous, encrypted, or hashed format (primarily SHA256 encryption) or in standard format that is hashed or encrypted by the third party upon receipt in order to track and optimize performance of our marketing efforts (including tracking across multiple devices) and to provide you with relevant content across the web, such as banner ads including products you may have shown interest in, or sales offers for our site.
  • 3. We may disclose your Personal Data to our third-party analytics service providers in order to help to improve the functionality and features of the Sites and Site Offerings.
  • 4. We may disclose your Personal Data with our Email Service Provider(s) that help us to send you our marketing and/or transactional text messages.
  • 5. We may disclose your Personal Data to our SMS Service Provider(s) that help us to send you our marketing and/or transactional text messages.
  • 6. We may disclose your Personal Data or any information you submitted via our Sites if we have a good faith belief that disclosure of such information is required, reasonably necessary or helpful to: (a) comply with any applicable law, regulation, legal process, subpoena, court order, or governmental request; (b) enforce this Privacy Policy or our Terms, including investigations of potential violations thereof; (c) detect, prevent, or otherwise address fraud or security issues; and (d) protect against harm to our rights, property or safety, and with respect to our users, yourself or the public.
  • 7. We may disclose your Personal Data or any information you submitted via our Sites where we are the subject of bankruptcy proceedings, in connection with, during negotiations of, or as a part of the closing of, any merger, sale of company assets, or acquisition of all or a portion of our business to another company in which Personal Data about our Sites users is among the assets transferred; provided, however, that if we are involved in a bankruptcy proceeding, merger, acquisition or sale of all or a portion of its assets, you will be notified via email and/or a prominent notice on the Sites of any change in ownership or uses of your Personal Data, as well as any choices that you may have regarding your Personal Data.
  • 8. We will only use, disclose, and otherwise process Derived Data where permitted by law.
  • 9. We will store, transmit, and protect your Photo Data using a reasonable standard of care at least as protective as used to protect other confidential and sensitive information from disclosure. We disclose your Photo Data (i) to our service providers whom we prohibit from using the Photo Data for any purpose other than performing services for us; (ii) in connection with any proposed or actual type of acquisition, business combination or transfer of all or any portion of our assets; and (iii) to comply with the law or defend our rights.
  • 10. We will not disclose your information to third parties except as otherwise specified under this Privacy Policy, unless you have given us your separate, express, permission to do so. Notwithstanding the above, we do not share text messaging originator opt-in data and consent with any third parties.

Please see our Provisions for California Residents below for additional details regarding how we collect and share your non-personally identifiable information.

• 1. Non-personally identifiable information refers to information that is not and cannot be used to identify a specific individual. While this information may define how you fit into a particular group of people, it is not unique to you, and it cannot be used (without being combined with other information) to specifically identify you. Some jurisdictions may consider some of the following categories of information to be personally identifiable information, in which case, we will collect and use such information as personally identifiable information.
• 2. “Anonymous Information” refers to information that does not enable identification of an individual user, such as aggregated or demographic information about users of our Sites. We may use Anonymous Information or disclose it to third party service providers in order to improve our Sites and enhance your experience with our Sites. We may also disclose Anonymous Information (with or without compensation) to third parties, including advertisers and partners.

HOW WE COLLECT AND USE NON-PERSONALLY IDENTIFIABLE INFORMATION

Please see our Provisions for California Residents below for additional details regarding how we collect and disclose your non-personally identifiable information.

• 1. Non-personally identifiable information refers to information that is not and cannot be used to identify a specific individual. While this information may define how you fit into a particular group of people, it is not unique to you, and it cannot be used (without being combined with other information) to specifically identify you. Some jurisdictions may consider some of the following categories of information to be personally identifiable information, in which case, we will collect and use such information as personally identifiable information.
• 2. “Anonymous Information” refers to information that does not enable identification of an individual user, such as aggregated or demographic information about users of our Sites. We may use Anonymous Information or disclose it to third party service providers in order to improve our Sites and enhance your experience with our Sites. We may also disclose Anonymous Information (with or without compensation) to third parties, including advertisers and partners.

COOKIE POLICY

As noted above, our Sites use and allow certain third parties to use cookies. By using our Sites, you consent to the use of cookies as described in this cookie policy.

1. What are cookies?

• a) Cookies are small amounts of data that are stored on your browser, device, or the page you are viewing when you visit a website. Some cookies are deleted once you close your browser or application (session cookies), while other cookies are retained even after you exit so that you can be recognized when you return (persistent cookies).
• b) Cookies used on our Sites are generally divided into the following categories:
  • i. Essential cookies: These are cookies that are required for the operation of our Sites, such as cookies that enable you to log into secure areas.
  • ii. Analytics cookies: These are cookies that automatically collect information about your use of the Sites. These help us understand how our visitors are using our Sites and how they navigate through the Sites. These cookies record only hashed statistical data, not Personal Data. As mentioned above, we use Google® Analytics and HotJar® to analyze user behavior, so these third parties will place these types of cookies on our Sites.
  • iii. Functional cookies: These are cookies that remember choices that you make when you visit our Sites, such as language options. They help us to personalize your visit to the Sites.
  • iv. Targeting cookies: These are cookies that record your visit to our Sites, the pages of the Sites that you visit, and the links you followed. They will recognize you as a previous visitor to the Sites and track your activity on our Sites and other websites that you visit after you leave the Site. To opt out of our use of targeting cookies in connection with your visit(s) to the Sites, please adjust the settings in your browser to block cookies.
• c. How do we use cookies?
  • i. We use cookies to make our Sites work more efficiently, to analyze how our Sites are used so that we can improve the Sites, Site Offerings and the other products and services we offer, and to personalize your visit to the Sites, such as by remembering your IP address when you return to the Sites and by setting language preferences.
  • ii. We may combine data collected via cookies with Personal Data about you, e.g., tracking items you put into your shopping cart (including when you have abandoned your cart) combined with mobile device numbers you have consented for our use to send SMS cart reminder texts.
• d.What are your choices regarding cookies?
  • i. Most web browsers automatically accept cookies, but you can usually change your settings to prevent that, such as by having your device warn you each time a cookie is being sent or choosing to turn off all cookies. This can be done through your web browser settings, and because each browser is different, you should look at your browser’s “Help” menu to learn how to modify your cookie settings. You can also learn more about how to opt out of targeted behavioral advertising from many major third party network advertisers by reviewing the information here and here . To opt out of cookie usage on our Sites, please adjust the settings in your browser to block cookies.
  • ii. If you do disable cookies from your browser, you may not be able to access certain sections of the Sites that use essential cookies, and this may make your experiences on the Sites less efficient.

YOUR RIGHTS REGARDING YOUR INFORMATION

Please see our Provisions for California Residents below for additional details regarding how California State residents can delete and/or access their Personal Data.

• 1. Opting Out

  • a. You may choose not to receive future promotional, advertising, or other Sites-related emails from us by sending us an email to: [email protected], or selecting an unsubscribe link at the bottom of each email that we send. Please note that even if you opt out of receiving the foregoing emails, we may still send you a response to any “Contact Us” request as well as administrative emails (for example, in connection with a password reset request) that are necessary to facilitate your use of our Sites and notifications regarding your orders.

• 2. Correcting and Updating Information.

  • a. If you are a registered user of our Sites, you can access and edit your Account Information online by clicking the “My Account” button on the Sites. You may also have any Personal Data you have provided revised by sending us an email to: [email protected].

• 3. Removing Information.

  • a. As noted above, we have standard retention practices with respect to the Personal Data we collect. If you would like to request any earlier removal of your Personal Data, you can email us at: [email protected].
  • b. Please note that we may not be able to completely remove Personal Data from our systems in certain circumstances. This will be true if the data is not in searchable format, if it is retained in backup systems or cached or archived pages, if we need it in order to prevent fraud or future abuse, or if we are required by law to keep it.
  • c. Any deletion request will not impact our ownership rights or continued processing of Derived Data to the extent permitted by law.

HOSTING OF OUR SITES

We do not ourselves host any of our Sites – all hosting is done by third party service providers that we engage. This means that data you provide us or that we collect from you (including any Personal Data) is hosted with such third party service providers on servers that they own or control. Regardless of where such third party service providers are located (and some are located in the US), their servers may be located anywhere in the world (including the US). Your data may even be replicated across multiple servers located in multiple countries. By using any of our Sites, you are consenting to your data being transferred to various third party service providers, possibly around the world (including the US).

OUR SECURITY MEASURES

We endeavor to safeguard and protect our users’ Personal Data. When users make Personal Data available to us, their Personal Data is protected both online and offline (to the extent that we maintain any Personal Data offline). Where our registration/application process prompts users to enter Sensitive Data (such as credit card information) and when we store and transmit such Sensitive Data, that Personal Data is encrypted with advanced TLS (Transport Layer Security).

Access to your Personal Data is strictly limited, and we take reasonable measures to ensure that your Personal Data is not accessible to unauthorized parties. All our users’ Personal Data is restricted in our offices, as well as the offices of our third-party service providers. Only employees or third-party agents who need user Personal Data to perform a specific job are granted access to user Personal Data. Our employees are dedicated to ensuring the security and privacy of all user Personal Data. Employees not adhering to our firm policies are subject to disciplinary action. The servers that we store user Personal Data on are kept in a secure physical environment. We also have security measures in place to protect the loss, misuse and alteration of Personal Data under our control.

Please be advised, however, that while we take every reasonable precaution available to protect your data, no storage facility, technology, software, security protocols or data transmission over the Internet or via wireless networks can be guaranteed to be 100% secure. Computer hackers that circumvent our security measures may gain access to certain portions of your Personal Data, and technological bugs, errors and glitches may cause inadvertent disclosures of your Personal Data, and any attempt to breach the security of the network, our servers, databases or other hardware or software may constitute a crime punishable by law. For the reasons mentioned above, we cannot warrant that your Personal Data will be absolutely secure. Any transmission of data at or through the Sites, other Site Offerings or otherwise via the Internet or wireless networks, is done at your own risk.

In compliance with applicable laws, we shall notify you and any applicable regulatory agencies in the event that we learn of an information security breach with respect to your Personal Data. You will be notified via e-mail in the event of such a breach. Please be advised that notice may be delayed in order to address the needs of law enforcement, confirm and determine the scope of network damage, and to engage in remedial measures.

LINKS TO AND INTERACTION WITH THIRD PARTY PRODUCTS

Our Sites may enable you to interact with or contain links to your Third Party Account and other third party websites that are not owned or controlled by us, referred to herein as “Third Party Services.” We are not responsible for the privacy practices or the content of such Third Party Services. Please be aware that Third Party Services may collect Personal Data from you. Accordingly, we encourage you to read the terms and conditions and privacy policy of any Third Party Services that you choose to use or interact with.

CHILDREN’S PRIVACY

Please see our Provisions for California Residents below for additional details regarding our practices related to the collection and use of the Personal Data of California State residents who are under sixteen (16) years of age.

Our Sites are not structured to attract children under thirteen (13) years of age. Further, we do not intend to collect Personal Data from anyone we know to be under thirteen (13) years of age; provided, however, that if you are thirteen(13) years of age or older, but younger than eighteen (18) years of age, you can submit information to the Sites through and with the permission of a parent or legal guardian, but only after that parent or legal guardian has reviewed and agreed to the terms of this Privacy Policy in their entirety. If we learn that we have collected Personal Data from a person under thirteen (13) years of age (other than as expressly permitted in the relevant jurisdiction), we will delete that information as quickly as possible. If you believe that we might have any such information, please contact us at: [email protected].

INTERNATIONAL USERS

The Sites are controlled and operated by us from the United States and are not intended to subject us to the laws or jurisdiction of any state, country, or territory other than that of the United States. Any information you provide to us through use of the Sites may be stored and processed, transferred between, and accessed from the United States and other countries that may not guarantee the same level of protection of personal data as the one in which you reside. However, we will handle your Personal Data in accordance with this Privacy Policy regardless of where your Personal Data is stored/accessed.

MODIFICATIONS OF THIS PRIVACY POLICY

Methodiq reserves the right to change or update this Privacy Policy at any time by posting a notice on the Sites that we are changing our Privacy Policy. If the manner in which we use Personal Data changes, Methodiq will notify users by: (a) sending the modified policy to our users via email; and/or (b) by any other reasonable means acceptable under applicable law. Your continued use of the Sites after we make changes is deemed to be an acceptance of those changes; if you do not accept the changes made, your choice is not to use the Sites.

QUESTIONS REGARDING OUR PRIVACY PRACTICES

If you have any comments or questions regarding our Privacy Policy, or how we may be storing and/or using your Personal Data, please contact us via e-mail at: [email protected] or by mail at: IM Pro Makeup NY LP, 110 Greene St., Second Floor, New York, NY USA 10012.

FILING A COMPLAINT WITH THE FEDERAL TRADE COMMISSION

To file a complaint regarding our privacy practices, please Click Here .

PRIVACY PROVISIONS FOR CALIFORNIA RESIDENTS

These Privacy Provisions for California Residents (“CA Privacy Provisions”) supplement the information contained in the Privacy Policy set forth above. These CA Privacy Provisions apply solely to residents of the State of California (“User(s)”). We adopt these CA Privacy Provisions in compliance with the California Consumer Privacy Act of 2018 (as amended by the California Privacy Rights Act of 2020) (the “CCPA”). Any terms defined in the CCPA (such as “personal information”) have the same meaning when used in these CA Privacy Provisions.

• 1. Shine the Light.

California Civil Code Section 1798.83 permits our customers who are California State residents to request certain information regarding our disclosure of Personal Data to third parties for their direct marketing purposes. We may, in certain limited instances, disclose your Personal Data to third parties who perform administrative functions on our behalf. California State residents may request the following information regarding our disclosure of your Personal Data to third parties:

• a. How your Personal Data was disclosed to third parties;
• b. A list of certain categories of Personal Data that we have disclosed to certain third parties during the immediately preceding calendar year; and
• c. A list of certain categories of third parties that received Personal Data from us during that calendar year.

To make such a request, please send an email to [email protected]. Please note that we are only required to respond to one request per customer each year.

• 2. Privacy Rights for California Minors in the Digital World.

In addition, if you are a California State resident under eighteen (18) years of age and a registered user, California Business and Professions Code Section 22581 permits you to remove content or Personal Data that you have publicly posted on the Sites. If you wish to remove such content or Personal Data and you specify which content or Personal Data you wish to be removed, we will do so in accordance with applicable law. Please be aware that after removal, you will not be able to restore removed content. In addition, such removal does not ensure complete or comprehensive removal of the content or Personal Data you have posted and, as such, there may be circumstances in which the law does not require us to enable removal of content.

• 3. Categories of Information We Collect.

We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular User or device (“personal information”). In particular, we have collected the following categories of personal information from Users within the last twelve (12) months:

Category	Examples	Collected
A. Identifiers.	A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, telephone number, or other similar identifiers.	YES
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).	A name, signature, Social Security number, physical characteristics or description, postal address, telephone number, passport number, driver's license or State identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories.	YES
C. Protected classification characteristics under California or federal law.	Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).	YES
D. Commercial information.	Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.	YES
E. Internet or other similar network activity.	Browsing history, search history, information on a User's interaction with a website, application or advertisement.	YES
F. Sensory Data.	Audio, electronic, visual, thermal, olfactory, or similar information.	YES
L. Sensitive Personal Information.	Account log-in information, credit card numbers, information that may reveal a consumer’s racial, ethnic origin or health condition.	YES

We obtain the categories of personal information listed above from the following categories of sources (with the specific categories of personal information indicated in parenthesis):
• Directly from our Users. For example, from online registration forms, quizzes or photos that our Users submit to us in connection with the products and/or services that we offer by and through the Sites (Category A, B, C,D, E, F and L).
• Indirectly from our Users. For example, through information we collect from our Users in the course of providing our products and/or services to them (Category A, B, C, D, E and F).
• Directly and indirectly from activity on the Sites. This includes the type of browser that you use (e.g., Safari, Chrome, Internet Explorer), your IP address, the type of operating system that you use (e.g., Windows or iOS) and the domain name of your Internet Service Provider. In addition, we obtain certain Sites-related usage details and analytics as same are collected automatically by us and our third party partners (Category E).
• When our Users interact with us on our social media accounts, including commenting on and/or liking our posts (Category E).
• From third-parties that interact with us in connection with the products and/or services that we offer to our Users. For example, third party entities that assist us in sending direct and electronic mail, removing duplicate information from User lists, analyzing data and providing marketing analysis (Category A, B, C, D and E).
• 4. Use of Personal Information.

We may use or disclose each of the categories of personal information set forth above for one or more of the following business or commercial purposes (with the specific categories of personal information indicated in parenthesis):

• To fulfill or meet the reason for which the information is provided. For example, if you provide us with personal information in connection with your purchase of products and/or services, we will use that information to process your order (Category A, B, C, D and F).
• To improve and better customize the products and services offered to you by us (Category B, C and L).
• To provide you with information, products or services that you request from us (Category A, B, C, D and F).
• To create, maintain, customize and secure your account with us (Category A, B, C, D, E and F).

To provide you with e-mail, direct mail and telemarketing messages concerning certain Methodiq products and/or services, as well as third-party products and/or services, that we believe may be of interest to you (Category A, B, C, D, E and F).

• To deliver relevant Sites-related content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you (Category A, B, C, D and E).
• To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including the Sites’ respective Terms and Conditions (Category A, B, C, D, E and F).
• To improve the Sites and better present their respective contents to you (Category A, B, C, D and F).
• For customer service purposes and to respond to inquiries from you (Category A, B, C, D and E).
• For testing, research, analysis, product and services development (Category A, B, C, D, E, F and L).
• As necessary or appropriate to protect our rights, property or safety, and that of our clients or others (Category A, B, C, D, E and F).
• To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations (Category A, B, C, D, E and F).
• As described to you when collecting your personal information or as otherwise set forth in the CCPA (Category A, B, C, D, E and F).
• To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation or similar proceeding, in which personal information held by us is among the assets transferred (Category A, B, C, D, E and F).

We will not collect additional categories of personal information or use the personal information that we collected for materially different, unrelated or incompatible purposes without providing you with notice.

• 5.Disclosure of Personal Information

We disclose each of the categories of personal information set forth above for the business and commercial purposes described in the Use of Personal Information section.

In the preceding twelve (12) months, we have disclosed the following categories of personal information for the business or commercial purposes set forth in the Use of Personal Information section:

Category A	Identifiers.
Category B	California Customer Records personal information categories.
Category C	Protected classification characteristics under California or federal law.
Category D	Commercial Information.
Category E	Internet or other similar network activity.
Category F	Sensory data.
Category L	Sensitive Personal Information.

We disclose your personal information for a business or commercial purpose to the following categories of third parties (with the specific categories of personal information indicated in parenthesis):

• Our affiliates (Category A, B, C, D, E and F).
• Service providers (Category A, B, C, D, E and F).
• Third parties who provide certain of the products and/or services featured on the Sites (Category A, B, C, D, E and F).
• Third parties to whom you authorize us to disclose your personal information in connection with the products and/or services that we provide to you (Category A, B, C, D, E and F).
• 6. Selling and Sharing of Personal Information.

We work with other companies and businesses to deliver advertising to you on other sites and services. In working with other companies and businesses, we may disclose personal information in a way that is “selling” or “sharing” personal information as defined under the CCPA.

In the preceding 12 months, we have sold or shared the following category of personal information with third party analytics providers, advertising partners, and ad networks for analytics and advertising purposes.

We do not sell or share any of your sensitive personal information, and do not sell or share the personal information of consumers under 16 years of age.

How Long We Keep Your Personal Information

We generally keep your personal information for as long as necessary to provide our products and services.

When deciding how long we need information, we consider the following factors:

• how long the information is needed to provide our products and services;
• how long the information is needed to comply with legal or regulatory obligations or to resolve disputes or defend against legal claims;
• whether the information is needed for other legitimate purposes such as to prevent harm to us or others, including our rights, property, or products; to enforce our terms and policies, or to promote security and integrity.

We will not retain your personal information for longer than necessary for the purposes set out in this policy. Different retention periods apply for different types of personal information. When it is no longer necessary to retain your personal information, we will delete or anonymize it.

7. Your Rights and Choices

The CCPA provides Users (California residents) with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.

Access to Specific Information and Data Portability Rights

You have the right to request that we disclose certain information to you about our collection and use of your personal information. Once we receive and confirm your verifiable User request, we will disclose to you:

• The categories of personal information we collected about you
• The categories of sources for the personal information we collected about you.
• Our business or commercial purpose for collecting or selling that personal information.
• The categories of third parties with whom we have shared that personal information.
• The specific pieces of personal information we collected about you (also called a data portability request).
• If we sold or disclosed your personal information for a business purpose, two separate lists disclosing:
  • sales, identifying the personal information categories that each category of recipient purchased; and
  • disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.

Deletion Request Rights

You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable User request, we will delete (and direct our service providers to delete) your personal information from our (their) records, unless an exception applies; provided, however, that in some cases, strictly for regulatory compliance purposes and to better evidence/honor opt-out/unsubscribe requests (and for no other purposes), we may retain certain items of your personal information on a de-identified and aggregated basis in such a manner that the data no longer identifies you.

We may deny your deletion request if retaining the information is necessary for us or our service providers to:

• 1. Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our obligations in connection with our contract with you.
• 2. Protect against malicious, deceptive, fraudulent or illegal activity, or prosecute those responsible for such activities.
• 3. Debug products to identify and repair errors that impair existing intended functionality.
• 4. Exercise free speech rights, ensure the right of another User to exercise her/his free speech rights or exercise another right provided for by law.
• 5. Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.).
• 6. Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information's deletion may likely render impossible or seriously impair the research's achievement, but only if you previously provided informed consent.
• 7. Enable solely internal uses that are reasonably aligned with User expectations based on your relationship with us.
• 8. Comply with a legal obligation.
• 9. Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

Right to Correct.

You have a right to request that we correct inaccurate personal information we maintain about you. We will take into account the nature of the personal information and the purposes for which we process it. We may require documentation from you in order to process your request, including your name, email address, phone number, and request details.

Right to limit use and disclosure of sensitive personal information.

You have the right to request that we limit our use and disclosure of sensitive personal information we maintain about you only as necessary to perform the services or provide the goods reasonably expected, or as otherwise permitted by the CCPA.

Right to Opt Out of Sale or Sharing.

You have a right to direct us not to “sell” or “share” your personal information (as those terms are defined under the CCPA). To exercise this right, please click on the following link: Do Not Sell or Share My Personal Information.

Exercising Access, Data Portability, Deletion, and Correction Rights.

To exercise your access, data portability, deletion, and/or correction rights described above, please submit a verifiable User request to us by either:

• 1.Emailing us at:[email protected]; or
• 2. Sending us U.S. Mail to: Methodiq Inc., 110 Greene St., Second Floor, New York, NY 10012.

We endeavor to act on all opt-out requests as soon as practicable, but in all cases within fifteen (15) business days of the receipt of your request.

Only you or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable User request related to your personal information.

You may only make a verifiable User request for access or data portability twice within a 12-month period. The verifiable User request must:

• 1. Provide sufficient information that allows us to reasonably verify that you are: (1) the person about whom we collected personal information; or (2) an authorized representative. If you use an authorized agent to submit a consumer request, the authorized agent must provide documentation or other proof indicating that they are authorized to act on your behalf. For requests to correct, access or delete, we may require you to verify your identity directly with us and directly confirm with us that you provided the authorized agent permission to submit the request.
• 2. Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm that the personal information relates to you. Making a verifiable User request does not require you to create an account with us. We will only use personal information provided in a verifiable User request to verify the requestor's identity or authority to make the request.

Response Timing and Format

We endeavor to respond to all verifiable User requests within forty-five (45) days of the receipt thereof. If we require more time (up to ninety (90) days), we will inform you of the reason and extension period in writing. We will deliver our written response by mail or electronically, at your option. Any disclosures we provide will only cover the twelve (12) month period preceding the receipt of your verifiable request. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.

We do not charge a fee to process or respond to your verifiable User request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

Non-Discrimination

We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:

• 1.Deny you goods or services;
• 2.Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties;
• 3.Provide you a different level or quality of goods or services; and/or
• 4.Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

Contact Information

If you have any questions or comments about these Privacy Provisions, our Privacy Policy, the ways in which we collect and use your personal information, your choices and rights regarding such use, or wish to exercise your rights under California State law, please do not hesitate to contact us by either:

• 1.Emailing us at:[email protected]; or
• 2. Sending us U.S. Mail to: Methodiq Inc., 110 Greene St., Second Floor, New York, NY 10012.

PRIVACY PROVISIONS FOR NON-CALIFORNIA US RESIDENTS

These privacy provisions for residents of the United States supplement the information contained in the Privacy Policy set forth above. These Privacy Provisions describe how to exercise your rights under the Colorado Privacy Act, the Connecticut Act Concerning Personal Data Privacy and Online Monitoring, the Utah Consumer Privacy Act, and the Virginia Consumer Data Protection Act.

Your Rights and Choices

Depending on where you live and subject to certain exceptions, you may have some or all of the following rights:

Access to Specific Information and Data Portability Rights

You may have the right to request that we confirm whether or not we have or currently are processing your personal data, and you may have the right to request a copy of your personal data that we have collected from you.

Deletion Request Rights

You may have the right to request that we delete any of your personal data that we collected from or about you, subject to certain exceptions. In some cases, strictly for regulatory compliance purposes and to better evidence/honor opt-out/unsubscribe requests (and for no other purposes), we may retain certain items of your personal data on a de-identified and aggregated basis in such a manner that the data no longer identifies you.

Right to Correct

You may have a right to request that we correct inaccurate personal data we maintain about you. We will take into account the nature of the personal data and the purposes for which we process it. We may require documentation from you in order to process your request, including your name, email address, phone number, and request details.

Exercising Access, Data Portability, Deletion, and Correction Rights

To exercise your access, data portability, deletion, and/or correction rights described above, please submit a verifiable User request to us by either:

• 1.Emailing us at:[email protected]; or
• 2. Sending us U.S. Mail to: Methodiq Inc., 110 Greene St., Second Floor, New York, NY 10012.

We cannot respond to your request or provide you with personal data if we cannot verify your identity or authority to make the request and confirm that the personal data relates to you. Making a verifiable User request does not require you to create an account with us. We will only use personal data provided in a verifiable User request to verify the requestor's identity or authority to make the request.

Response Timing and Format

We endeavor to respond to all verifiable User requests within forty-five (45) days of the receipt thereof. If we require more time, we will inform you of the reason and extension period in writing. We will deliver our written response by mail or electronically, at your option. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal data that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.

We do not charge a fee to process or respond to your verifiable User request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

Changes to these Privacy Provisions

We reserve the right to amend these Privacy Provisions in our discretion and at any time. When we make changes to these Privacy Provisions, we will notify you by email or through a notice on the Sites’ respective homepages.

Contact Information

If you have any questions or comments about these Virginia Privacy Provisions, our Privacy Policy, the ways in which we collect and use your personal data, your choices and rights regarding such use, or wish to exercise your rights under Virginia State law, please do not hesitate to contact us by either:

• 1.Emailing us at:[email protected]; or
• 2. Sending us U.S. Mail to: Methodiq Inc., 110 Greene St., Second Floor, New York, NY 10012.

Consumer Health Data Privacy Policy

Last Updated: March 7, 2025

This notice supplements the Privacy Policy and applies to personal data defined as “consumer health data” subject to the Washington State My Health My Data Act (MHMDA), the Nevada Health Data Privacy Act (NHDPA), or other applicable state consumer health privacy law.

Consumer Health Data We Collect

As described in the How and Why We Collect Personal Data section of the Privacy Policy, the data we collect depends on the context of your interactions with us and the choices you make (including your privacy settings), the Site Offerings you use, your location, and applicable law. Because consumer health data is defined very broadly, many of the categories of data we collect could also be considered consumer health data.

Examples of consumer health data may include:

• Information about your health-related conditions, symptoms, status, diagnoses, testing, or treatments (including surgeries, procedures, medications, or other interventions). For example, we may collect such information through surveys or other communication with you for research studies and improving product accessibility.
• Measurements of bodily functions, vital signs, or characteristics, including photographs, which may also be considered biometric information under the MHMDA, the NHDPA, or other applicable state consumer health privacy law.
• Precise location information that could reasonably indicate your attempt to acquire or receive health services or supplies.
• Information that could identify your attempt to seek health care services or information, including services that allow you to assess, measure, improve, or learn about your or another person’s health.
• Other information that may be used to infer or derive data related to the above or other health information.

Sources of Consumer Health Data

As described further in the How and Why We Collect Personal Data section of the Privacy Policy, we collect personal data (which may include consumer health data) directly from you, from your interactions with the Sites, from third parties, and from publicly available sources.

Why We Collect and Use Consumer Health Data

We collect and use consumer health data for the purposes described in the How and Why We Collect Personal Data section of the Privacy Policy. Primarily, we collect and use consumer health data as reasonably necessary to provide you with the Site Offerings you have requested or authorized. This may include delivering and operating the Sites and their features, personalization of certain Site Offerings features, ensuring the secure and reliable operation of the Sites and the systems that support them, troubleshooting and improving the Services, and other essential business operations that support the provision of the Sites (such as analyzing our performance, meeting our legal obligations, developing our workforce, and conducting research and development).

We may use consumer health data for other purposes for which we give you choices and/or obtain your consent as required by law – for example, for advertising or marketing purposes. See the Your Rights Regarding Your Information and Your Rights and Choices sections of the Privacy Policy and the How to Exercise Your Rights section below for more details on the controls and choices you may have.

Our Sharing of Consumer Health Data

We may share each of the categories of consumer health data described above for the purposes described in the How and Why We Collect Personal Data section of the Privacy Policy. In particular, we may share personal data, including consumer health data, with your consent or as reasonably necessary to complete any transaction or provide any Service you have requested or authorized, as described above.

For example, we share your content with third parties when you tell us to do so. And we may disclose data when we believe that doing so is necessary to comply with applicable law or respond to valid legal process.

Third Parties With Which We Share Consumer Health Data

As necessary for the purposes described above, we share consumer health data with the following categories of third parties:

• Service providers. Vendors or agents (“processors”) working on our behalf may access consumer health data for the purposes described above. For example, companies we’ve hired to provide customer service support or assist in protecting and securing our systems and Services may need access to data to provide those functions.
• Business partners. We may share consumer health data with other companies, for example, where you use a Service that is cobranded and jointly operated with another company, or where you use our Services to interact with another company.
• Financial institutions & payment processors. When you make a purchase or enter into a financial transaction, we will disclose payment and transactional data to banks and other entities as necessary for payment processing, fraud prevention, credit risk reduction, analytics, or other related financial services.
• Parties to a corporate transaction. We may disclose consumer health data as part of a corporate transaction or proceeding such as a merger, financing, acquisition, bankruptcy, dissolution, or a transfer, divestiture, or sale of all or a portion of our business or assets.
• Affiliates. We enable access to data across our subsidiaries, affiliates, and related companies, for example, where we share common data systems or where access helps us to provide our Services and operate our business.
• Government agencies. As described in our Privacy Policy, we disclose data to law enforcement or other government agencies when we believe doing so is necessary to comply with applicable law or respond to valid legal process.
• Other third parties. In certain circumstances, it may be necessary to provide data to other third parties, for example, to comply with the law or to protect our rights or those of our customers.
• Other users and individuals. If you use our Services to interact with other Users of the Service or other recipients of communications, we will share data, including consumer health data, as directed by you and your interactions.
• The public. You may select options available through our Services to publicly display and disclose certain information, such as your profile, demographic data, content and files, or geolocation data, which may include consumer health data.

How to Exercise Your Rights

If you are covered by the MHMDA, the NHDPA, or other applicable consumer health privacy law then you may have certain rights with respect to consumer health data, including rights to access, delete, or withdraw consent relating to such data, subject to certain exceptions. You can request to exercise such rights using the various tools and mechanisms described in the Your Rights Regarding Your Information and Your Rights and Choices sections of the Privacy Policy. For example, depending on the Site Offerings you use, you can access and make choices about your data through product controls. You can also access and clear some of your data through your web browser. And if you want to access or control consumer health data processed by us that is not available via those tools or directly through the Service you use, you can always contact us at [email protected].

If your request to exercise a right is denied, you may appeal that decision by contacting our support team at [email protected]. If your appeal is unsuccessful, you can raise a concern or lodge a complaint with the Washington State Attorney General at www.atg.wa.gov/file-complaint, the Nevada State Attorney General at https://ag.nv.gov/complaints/file_complaint/, or other regulatory authority as applicable.