Please note that because of the overlapping nature of certain of the categories of Personal Information identified above, which are required by state law, some of the Personal Information we collect may be reasonably classified under multiple categories.

2. Sources of Personal Information

We may collect Personal Information about you from the following categories of sources:  

• Directly from you through Self-Reported Information, i.e. directly from you through your interactions with us, including without limitation when you use the Site or Services (e.g. creating an account with us, completing electronic forms, uploading medical records, linking a wearable device to our Services) or otherwise contact us via chat, email, phone, or text (i.e. “Self-Reported Information”).

• Through cookies and other tracking technologies, as discussed in more detail in Cookies and Other Tracking Technologies (Section 5 of this Policy). 
• From third party healthcare service providers, laboratory service providers, and other providers of medical and medical-adjacent services (our “Lab and Provider Partners”), with your permission and in accordance with applicable law and the context in which you provided the data.  
• From other third parties, including our third party service providers, business and marketing partners, affiliates, analytics providers, ad network providers, ad agencies, and advertisers. 
• From government agencies or public records.
• From social media and other content platforms, such as Google and Meta, if you access our Services through a third-party connection or log-in or interact with us on these platforms use the Site or Services. 

3.  Disclosure of Personal Information

We may disclose Personal Information that we collect, or you provide to the following:

• Our affiliates. We may share Personal Information among our affiliates to provide our Services, and for internal administrative purposes. 

• Our service providers. We share Personal Information with our service providers to provide services on our behalf, such as payment processing, analytics, advertising, hosting, marketing, customer and technical support, and other services. These third parties have access to your Personal Information only to perform these tasks on our behalf and are obligated not to disclose or use the information for any other purpose.
• Our Lab and Provider Partners. We have engaged with various third-party Lab and Provider Partners in connection with various facets of our Services. Such partnership may involve receiving and sharing Personal Information, including without limitation Consumer Health Data, with your permission in accordance with applicable law and the context in which you provided the data. 
• Third party platform advertisers. While we will not disclose your Self-Reported Information without your express, affirmative consent, we may share information gathered through tracking technologies like cookies and web beacons with third-party platform providers who assist us in serving advertising to others who may be interested. We also partner with third parties who use cookies to serve interest-based advertising and content on their respective third-party platforms that may be based on your preferences, location, and/or interests.  As noted elsewhere, our websites implement measures to help ensure that we do not share tracking information in this manner for individuals accessing our Services from Connecticut, Nevada, or Washington
• Third parties related to compliance and harm prevention. Under certain circumstances, we may be required to disclose your Personal Information if required to do so by law or in response to valid requests by public authorities, and/or in response to a threat of harm involving an individual’s health and/or safety.
• Third parties related to a change of ownership. If we or our subsidiaries are involved in a merger, acquisition, asset sale, or other corporate combination, your Personal Information – including without limitation your Lab Results and any and all other Self-Reported Information – may be transferred to the acquiring or surviving entity.
• At your request, other persons or entities that are relevant to your care.  At your request, we may also share Personal Information, such as your Lab Results (as defined in our Terms of Service), with your general practitioner, your specialist, or your provider’s health system. 

We do not disclose your Lab Results or any other Self-Reported Information without your express, affirmative consent. 

4. Aggregated, Deidentified, or Anonymous Information

We may create aggregated, de-identified, or anonymous information from Personal Information by removing certain data components (such as your name, email address, or linkable tracking ID) that makes the data identifiable, or through aggregation, obfuscation or other means.  For example, we may de-identify any information and data provided and/or generated in connection with your use of our Services (including without limitation your Lab Results and other Personal Information), in compliance with applicable law. Subject to applicable law, our use of such aggregated, de-identified, or anonymized information is not Personal Information or subject to this Privacy Policy.

5. Cookies and Other Tracking Technologies

We use cookies and similar tracking technologies and analytics services to track activity on and gauge the effectiveness of the Site and Services.

1. Cookies

Cookies are files with a small amount of data which may include unique identifier. Cookies are sent to your browser from a website and stored on your device. Other tracking technologies we may use include web beacons to track information and analyze the Services.  Beacons (also known as pixel tags, clear GIFs) are small objects that are embedded in an image on a website; they can transmit information directly to Function, or to another person or entity of our designation.  For the purposes of this Privacy Policy, cookies, beacons, and other such tracking technologies shall, collectively, be embraced by the term “Cookies.”

You can instruct your browser to refuse all Cookies or to indicate when a Cookie is being sent. However, if you do not accept Cookies, you may not be able to use some portions of our Service.

Examples of Cookies we use: 

• Strictly Necessary. We may use Cookies that we consider are strictly necessary to allow you to use and access our website, including Cookies required to prevent fraudulent activity, improve security or allow you to make use of shopping cart functionality.
• Performance. We may use Cookies that are useful in order to assess the performance of our website, including as part of our analytic practices or otherwise to improve the content, products or Services offered through our website.
• Functionality. We may use Cookies that are required to offer you enhanced functionality when accessing our website, including identifying you when you sign in to our website or keeping track of your specified preferences, including in terms of the presentation of content on our website.
• Advertising. We may use Cookies to deliver content, including ads, relevant to your interests on our website and third party sites based on how you interact with advertisements or content.

‍

**Although Function generally uses Cookies as described above, our websites implement measures to help ensure that we do not use Cookies for individuals accessing our Services from Connecticut, Nevada, or Washington.

2. Analytics

We may use Google Analytics or other service providers for analytics services. These analytics services may use Cookies and other tracking technologies to help us analyze how users use the Services. Information generated by these services (e.g., your IP address and other usage information) may be transmitted to and stored by Google Analytics and other service providers on servers in the U.S. (or elsewhere) and these service providers may use this information for purposes such as evaluating your use of the Service, compiling statistic reports on the Service’s activity, and providing other services relating to Service activity and other Internet usage. You may exercise choices regarding the use of Cookies from Google Analytics by going to https://tools.google.com/dlpage/gaoptout or downloading the Google Analytics Opt-out Browser Add-on. 

**Although Function generally uses Cookies as described above, our websites implement measures to help ensure that we do not use Cookies for individuals accessing our Services from Connecticut, Nevada, or Washington.

3. Third-Party Ad Networks. 

Certain companies may participate in the Digital Advertising Alliance ("DAA") AdChoices Program and may display an Advertising Option Icon for Interest-based Ads that links to an opt-out tool which allows you to exercise certain choices regarding targeting. You can learn more about the DAA AdChoices Program at http://www.youradchoices.com/ and its opt-out program for mobile apps at http://www.aboutads.info/appchoices. 

In addition, certain advertising networks and exchanges may participate in the Network Advertising Initiative (“NAI”). NAI has developed a tool that allows consumers to opt out of certain Interest-based Ads delivered by NAI members' ad networks. To learn more about opting out of such targeted advertising or to use the NAI tool, see http://www.networkadvertising.org/choices/. Please be aware that, even if you are able to opt out of certain kinds of Interest-based Ads, you will continue to receive non-targeted ads. Opting out of one or more NAI or DAA members only means that those selected members should no longer under the DAA / NAI rules deliver certain targeted ads to you. This will affect this and other services, but does not mean you will no longer receive any targeted content and/or ads (e.g., from other ad networks). If your browsers are configured to reject Cookies when you visit this opt-out page, or you subsequently erase your Cookies, use a different device or web browser(s), or use a non-browser-based method of access (e.g., mobile app), your NAI / DAA browser-based opt-out may not, or may no longer, be effective. Mobile device opt-outs will not affect browser-based Interest-based Ads even on the same device, and you must opt-out separately for each device. We are not responsible for the effectiveness of, or compliance with, any third-parties’ opt-out options or programs or the accuracy of their statements regarding their programs.

**Although Function generally uses Cookies as described above, our websites implement measures to help ensure that we do not use Cookies for individuals accessing our Services from Connecticut, Nevada, or Washington.

6. Data Security

The security of your data is important to us, but remember that no method of transmission over the Internet or method of electronic storage is completely secure. Function uses certain safeguards to reasonably protect the security and integrity of your Personal Information.  In order to enhance the protection of your Personal Information, Function will collect Personal Information via a secure processing server (SSL-protected, with a valid SSL-certificate or other commercially reasonable encryption technology) and/or a third-party payment provider with appropriate security and confidentiality procedures.  If you transact with us via direct payment gateway, your financial information (as defined in Personal Information We May Collect, Use, and Disclose) will be encrypted through Payment Card Industry Data Security Standard (PCI-DSS). While we strive to use commercially reasonable security procedures and practices appropriate to the nature of the Personal Information, we cannot guarantee its absolute security.

‍

7. Data Retention

We will retain your Personal Information only for as long as is necessary to provide you with Services, to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies. We will also retain certain Personal Information for internal analysis purposes. This information is generally retained for a shorter period, except when this data is used to strengthen the security or to improve the functionality of our Services, or we are legally obligated to retain this data for longer time periods. Our determination of precise retention periods will be based on (i) the length of time we have an ongoing relationship with you; (ii) whether there is a legal obligation to which we are subject; and (iii) whether retention is advisable in light of our legal position, including regard to applicable statutes of limitations, litigation or regulatory investigations.

8. International Transfers of Your Personal Information

Your information, including Personal Information, may be transferred to – and maintained on – computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction. If you are located outside of the United States and choose to provide information to us, please note that we transfer the data, including Personal Information, to the United States and process it there. For such transfers, we take the necessary measures to ensure that your Personal Information receives an adequate level of protection.

We will take all the steps reasonably necessary to ensure that your Personal Information is treated securely and in accordance with this Privacy Policy and no transfer of your Personal Information will take place to an organization or a country unless there are adequate controls in place including the security of your data and other Personal Information.

9. Children’s Privacy 

Function’s Services are not intended for children under the age of eighteen (18) years and we do not knowingly collect information from such persons. We do not knowingly collect Personal Information from children under 18. If you become aware that a child has provided us with Personal Information, please contact us at legal@functionhealth.com, with the subject line “Minor Access”. If we become aware that we have collected Personal Information from children without verification of parental consent, we take steps to remove that information from our servers.

10. Your Privacy Rights  

You may have certain rights and choices regarding our collection, use, and disclosure of your Personal Information, based on your location or place of residency. 

a. Opting out of promotional electronic communications from us. We may use your Personal Information to send you updates regarding existing products and Services, information about new products and Services, upcoming events, surveys, and other announcements and inquiries. Please note that Function may send you marketing and advertising messages on behalf a third party (including subject to a paid arrangement); provided, under such a circumstance, Function will not disclose your Personal Information to said third party. If you no longer wish to receive promotional email communications from us, you may opt out via the unsubscribe link included in such emails or communicate your opt-out request using the information below. We will comply with your request as soon as reasonably practicable. Please note that if you opt out of receiving promotional emails from us, we may still send you important administrative messages that are required in order to provide you with the Service or for other reasons disclosed in this Policy.

b. Additional rights available in certain states and jurisdictions. Certain U.S. jurisdictions provide residents with certain rights with respect to their Personal Information or “personal data” as defined under applicable law. These rights are subject to the specific laws of that jurisdiction and that certain other rights might apply. Please review our California Privacy Notice; Nevada Privacy Notice; Colorado, Connecticut, Utah, and Virginia Privacy Notice; and Consumer Health Data Privacy Policy for more information on rights and terms specific to your location or place of residence.

c. Exercising your privacy rights.  Please use the following information to exercise your rights. Please note that any request you submit to us is subject to an identification and residency verification process as permitted under applicable law, as well as certain other procedural requirements that may be noted in the sections below. Additionally, all requests are subject to certain exceptions under applicable law, which may vary. If you are a visually-impaired customer, a customer who has another disability or a customer who seeks support in other language, you may access your privacy rights by emailing us at legal@functionhealth.com.

We do not charge a fee to process or respond to your verifiable consumer request unless its excessive, repetitive, manifestly unfounded, or in accordance with applicable law.  If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request. 

Depending on applicable law, you may be limited in how many verifiable or authenticated consumer request you make within a twelve (12) month period. If we have inadvertently collected information on your minor child, you may exercise the above rights on behalf of your minor child. Additionally, in some jurisdictions, you may designate an authorized agent to submit a request on your behalf, and if so, we may require proof of the agent’s authorization by you and/or verification of the agent’s own identity. Generally, a rights request must include:

• Sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Information or an authorized representative, which must include, at a minimum, your first and last name and email address.
• Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to the request.

We cannot respond to your request or provide you with Personal Information if we cannot verify or authenticate your identity or authority to make the request and confirm that the Personal Information relates to you. We will only use Personal Information provided in a verifiable or authenticated consumer request to verify your (or your authorized agent’s as applicable) identity or authority to make the request.

You are not required to create an account with us to submit a verifiable or authenticated consumer request. However, we do consider requests made through your password protected account sufficiently verified when the request relates to Personal Information associated with that specific account. If you have an account with us, we will deliver our written response to that account.  If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.

We will confirm receipt of your request within ten (10) business days. If you do not receive confirmation within the 10-day timeframe, please contact legal@functionhealth.com. Except where otherwise noted, we will respond to your request within forty-five (45) days after receipt and we reserve the right to extend the response time by an additional forty-five (45) days when reasonably necessary and provided consumer notification of the extension is made within the first forty-five (45) days. As described below, in some jurisdictions, an authorized agent may submit a request to exercise your rights on your behalf.

How to submit a request. To exercise any of the rights described in this Privacy Policy, please send your request(s) using one of the following methods:

• Emailing us at legal@functionhealth.com
• Visiting the contact page at our Site at https://www.functionhealth.com/contact
• Calling us at (737) 259-6190.

11. California Privacy Notice

This California Privacy Notice applies to any California residents about whom we collect Personal Information (for the purposes of this Article 11, “consumers”). The provisions contained within this section are intended to provide notices in compliance with the California Consumer Privacy Act of 2018 (“CCPA”) and other relevant California laws and regulations. 

‍

For the purposes of this California Privacy Notice, except where a different definition is noted, “Personal Information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California resident or household. Personal Information does not include Publicly Available Information, information that has been de-identified or aggregated, or other information subject to certain federal and state regulation, such as PHI.

If you are a visually-impaired customer, a customer who has another disability or a customer who seeks support in other language, you may access your privacy rights by emailing us at legal@functionhealth.com.

1. Personal Information We Collect

We may collect, or have collected, the following categories of Personal Information about you:

• Identifiers
• Commercial information
• Financial information
• Internet or other electronic activity information
• Geolocation data
• Professional or employment-related information
• Audio, electronic, visual, or similar information
• Characteristics of protected classifications under California or federal law
• Inferences drawn from any of the above

Certain of the Personal Information that we collect may constitute “Sensitive Personal Information” as defined by California law. This may include: 

• Your account login information
• Content of messages sent through the Site or Services
• Personal Information collected and analyzed concerning your health

2. How We Use Your Personal Information

We use the Personal Information we collect about you for the following purposes:  

• Contact you and provide information
• Provide customer service
• Perform identity and age verification as required under applicable law
• Provide and maintain the Site and Services
• Facilitate interactive features 
• Internal analytics
• Market our products and Services directly to you
• Market the products and services of others directly to you
• Promotions and sweepstakes
• Internal business purposes, including general business administration
• Audit, compliance, legal, policy, procedure, and regulatory obligations
• Customer claims and fraud investigation and prevention
• Systems and data security 
• Protecting the safety of our employees and others
• Targeted Advertising
• Profiling

3. Sources of Personal Information

We may collect Personal Information about you from the following categories of sources.  

• Directly from you through your interactions with us, such as when we collect Self-Reported Information. 

• Through Cookies and other tracking technologies, as discussed in more detail in Cookies and Other Tracking Technologies (Section 5 of this Policy). 
• From our Lab and Provider Partners, with your permission and in accordance with applicable law.  
• From other third parties, including our third party service providers, business and marketing partners, affiliates, analytics providers, ad network providers, ad agencies, and advertisers. 
• From government agencies or public records.
• From social media and other content platforms, such as Google and Meta, if you access the Services through a third-party connection or log-in or interact with us on these platforms use the Site or Services. 

We may supplement such information with information we obtain from other sources, including from both online and offline information providers.

4. To Whom We Disclose Personal Information

We limit our disclosure of the categories of Personal Information above to our service providers for one or more business purposes. “Business purposes,” for the purposes of this California Privacy Notice,  means the reasonably necessary and proportionate use of Personal Information for our operational purposes, other purposes described in this Privacy Policy, for the operational purposes of our service providers and contractors, as well as other purposes compatible with the context in which the Personal Information was collected.

We do not and have not sold Personal Information to third parties for any monetary value.  We do gather Personal Information from consumers via Cookies as part of our targeted advertising initiatives, which is technically considered a “sale” and/or “share” of Personal Information under California law, even though we do not receive monetary payment for sharing or disclosing Personal Information to these third parties. In this connection, during last 12 months (from the last updated date listed at the top of this Privacy Policy), we have “sold” or “shared” the following categories of Personal Information as those terms are defined under the CCPA:

• Identifiers
• Commercial information
• Internet or other electronic network activity information 

If you wish to opt-out of the “sale”/“sharing” of Personal Information that is gathered via Cookies when you visit our websites and/or use our Services, please exercise your preferences to do so using “Your Privacy Choices” link that is available at the bottom of our websites or by following the further instructions at Section 11(f) below.

As those terms are defined by California law, we do not “sell” or “share” your Lab Results or any other Self-Reported Information without your express, affirmative consent.

5. Your California Privacy Rights

If you are a California resident, you the following rights under applicable California law:

• Right to know and access. You have the right to know what Personal Information we collect, use, disclose, and sell and/or share, as those terms are defined under applicable law. You may ask us to provide you a portable copy of this information up to two times in a rolling twelve-month period.
• Right to delete and erase. You have the right to request under certain circumstances that we, as well as our service providers and contractors, delete the Personal Information that we collect about you.
• Right to correct inaccurate Personal Information. You have the right to request the correction of inaccurate Personal Information.
• Right to non-discrimination. You have the right not to receive discriminatory treatment for the exercise of the privacy rights described above.
• Right to opt out of sale and/or sharing. You have the right to opt-out of the sale and/or sharing of your Personal Information by a business. 
• Right to Limit Use and Disclosure. You have the right to limit the use or disclosure of your sensitive Personal Information to only the uses necessary for us to provide goods or services to you. We will not use or disclose your sensitive Personal Information after you have exercised your right unless you subsequently provide consent for the use of your sensitive Personal Information for additional purposes. 
• Sharing with third parties for their own direct marketing purposes. We do not disclose Personal Information to third parties for their own purposes without your consent.  If you wish to request information regarding such practices under California’s “Shine the Light” Law, please Contact Us. You must include your full name, email address, and postal address in your email or mail request so that we can verify your California residence and respond.
  
  

How to exercise your rights. You may exercise any of the rights described in this section by following the instructions in Section 10, supra (“Your Privacy Rights”)

6. Notice of Right to Opt-Out of Sale/Sharing

You have the right to opt-out of the sale and/or sharing of your Personal Information by a business. As noted above, we may “sell” and/or “share” your Personal Information for purposes of cross-context behavioral advertising. You may opt-out by following the instructions in Section 10, supra (“Your Privacy Rights”)

You can opt out of such sale or sharing by clicking the Your Privacy Choices link at the bottom of our website and selecting your preferences. You may also opt out by broadcasting an Opt-Out Preference Signal, such as the Global Privacy Control (GPC). To download and use a browser supporting the GPC browser signal, click here or visit: https://globalprivacycontrol.org/orgs. Please note that if you do not have an account with us or if you are not logged into your account, your opt out request will be linked to your browser identifier only and not linked to any account information, because the connection between your browser and your account is not known to us. 

We also encourage you to utilize the Cookie preferences options that appear in the Cookie banner on the Services.  Finally, you may also visit the websites of the Network Advertising Initiative and the Digital Advertising Alliance's Self-Regulatory Program for Online Behavioral Advertising for more information about opting out of seeing targeted digital advertisements and how to opt bank in if desired. You may also learn about your options to opt-out of mobile app tracking by certain advertising networks through your device settings.

We do not knowingly sell or share the Personal Information of minors under 16 years of age without legally-required affirmative authorization. If you are a parent or guardian and you believe that your child has provided us with information without your consent, please review the Children’s Privacy section and contact us by email atlegal@functionhealth.com.  

7. Retention of Personal Information

We will retain your Personal Information only for as long as is necessary for the purposes set out in this Policy. We will retain and use your Personal Information to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies. 

We will also retain certain Personal Information for internal analysis purposes. This information is generally retained for a shorter period, except when this data is used to strengthen the security or to improve the functionality of our Services, or we are legally obligated to retain this data for longer time periods. 

Our determination of precise retention periods will be based on (i) the length of time we have an ongoing relationship with you; (ii) whether there is a legal obligation to which we are subject; and (iii) whether retention is advisable in light of our legal position, including regard to applicable statutes of limitations, litigation or regulatory investigations.

12. Nevada Privacy Notice

While we do not “sell” Personal Information as defined by Nevada Law, Nevada residents nonetheless have the right to request to opt out of any future “sale” of their Personal Information under Nevada SB 220 and SB 370. If you are a Nevada resident and would like to make such a request, please follow the instructions in Section 10, supra (“Your Privacy Rights”). You must include your full name, email address, and postal address in your email or mail request so that we can verify your Nevada residence and respond. In the event we sell your Personal Information after the receipt of your request, we will make reasonable efforts to comply with such request.

Additionally, SB 370 provides Nevada residents with rights to receive certain disclosures and access regarding the collection, use, sale, and sharing of Consumer Health Data. For information regarding the Consumer Health Data that we collect, how we use it, what sources it is derived from, to whom we disclose it, as well as the rights of Nevada residents and our responsibilities under SB 370, please see our Consumer Health Data Privacy Policy.   

13. Colorado, Connecticut, Utah, and Virginia Privacy Notice

This Privacy Notice applies to any Colorado, Connecticut, Utah, and Virginia residents about whom we collect Personal Information (for the purposes of this Article 13, “consumers”). The provisions contained within this section, in addition to the disclosures throughout the rest of this Policy, are intended to provide notices in compliance with the Colorado Privacy Act (“CPA”), the Connecticut Data Privacy Act (“CTDPA”), the Utah Consumer Privacy Act (“UCPA”), and the Virginia Consumer Data Protection Act (“VCDPA”). This section does not apply to certain personal data that is already subject to certain federal and state regulations, such as protected health information.  

For the purposes of this Article 13, “personal data” means information that is linked or reasonably linkable to an identified or identifiable individual. Personal data does not include de-identified data or Publicly Available Information. 

1. Our Personal Data Practices

The CPA, CTDPA, UCPA, and VCDPA provide rights to residents of Colorado, Connecticut, Utah, and Virginia, respectively, to receive certain disclosures and access regarding collection, use, sale, and sharing of personal data.  Detail about what kinds of personal data we may collect or have collected, how we collect it, why we collect it, and who we may disclose it to is found in the Personal Information We May Collect, Use, and Disclose; Sources of Personal Information; and Disclosure of Personal Information sections of this policy.  

We do not and have not sold Personal Information to third parties for any monetary value.  We do gather Personal Information via Cookies for the purposes targeted advertising; however, we do not sell or share your Lab Results or any other Self-Reported Information without your express, affirmative consent.

2. Your Privacy Rights 

If you are a resident of Colorado, Connecticut, Utah, or Virginia, you have the following rights under applicable law in relation to your personal data, subject to certain exceptions: 

• Right to know and access. You have the right to know what personal data we collect, use, disclose, and/or sell or share as those terms are defined under applicable law. You may ask us to provide you a portable copy of this information up to two times in a rolling twelve-month period.
• Right to delete and erase. You have the right to request under certain circumstances that we, as well as our service providers and contractors, delete the personal data that we collect about you.
• Right to correct inaccurate personal data. You have the right to request the correction of inaccurate personal data.
• Right to non-discrimination. You have the right not to receive discriminatory treatment for the exercise of the privacy rights described above.
• Right to opt out. You have the right to opt-out of targeted advertising, the sale of your personal data, and profiling decisions that could produce legal or similarly significant effects concerning the consumer.
• Rights concerning sensitive personal data. If you are a Connecticut, Colorado, or Virginia resident, we cannot and will not process your sensitive data (as defined by applicable law) or your sensitive data inferences, or use your personal data for certain purposes without your affirmative consent. If you are a Utah resident, you have the right to opt out of having your sensitive personal data processed and/or used. 

The CTDPA provides Connecticut residents with additional rights to receive certain disclosures and access regarding the collection, use, sale, and sharing of Consumer Health Data, as defined below. For information regarding the Consumer Health Data that we collect, how we use it, what sources it is derived from, to whom we disclose it, as well as the rights of Connecticut residents and our responsibilities under the CTDPA, please see our Consumer Health Data Privacy Policy.

How to exercise your rights. You may exercise any of the rights described in this section by following the instructions in Section 10, supra (“Your Privacy Rights”)

How to appeal decisions about your rights. Connecticut and Virginia residents can appeal our decisions concerning privacy rights requests, as follows:

• Connecticut residents. If you are a Connecticut resident and want to appeal our decision with regard to a request that you have made, please Contact Us. Within sixty (60) days of receipt of an appeal, we will inform you in writing of any action taken or not taken, including an explanation of our reasons in reaching the decision. If the appeal is denied, you may contact Connecticut’s Office of the Attorney General by phone at (860) 808-5420 or by submitting a formhere
• Virginia residents.  If you are a Virginia resident and want to appeal our decision with regard to a request that you have previously made, please Contact Us or notify the Office of the Attorney General of Virginia online here. Within sixty (60) days of receipt of an appeal, we will inform you in writing of any action taken or not taken, including an explanation of our reasons in reaching the decision. If the appeal is denied, you may contact Virginia’s Office of the Attorney General by phone at (804) 786-2071, written correspondence to 202 North 9^th Street, Richmond, Virginia 23219, or online here.

14. Changes to This Privacy Policy 

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page. We will let you know via email and/or a prominent notice on our Site, prior to the change becoming effective and update the “Effective Date” at the top of this Privacy Policy. We recommend reviewing this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

15. Contact Us 

Please contact legal@functionhealth.com if you have any questions about this Privacy Policy, or if anything in here does not make sense or seem right to you. We are always open to feedback around our privacy policies and practices. Because email communications are not always secure, please do not include any sensitive information in your email to us. You can also write to us at: 316 West 12^th Street, Floor Six, Austin, TX 78701.