PRIVACY NOTICE
Effective: December, 2023
DxPortal and Mobile App


This Privacy Notice ("Privacy Notice") is Nextgen Management, LLC dba DxWeb Management LLC and DxWeb ("DxWeb", "us" or "we") explains required disclosures about how we collect, use, share and protect the personal information we may obtain about you when you use DxPortal available via the internet, which includes but is not limited to: DxWeb.com ("DxWeb Website" or "DxPortal") and DxWeb’s Mobile App for DxPortal ("Mobile App").

As a general matter: we only collect personal information you provide to us and your health care provider and their medical practice ("HCP"); we only share this with your HCP and internally in our own organization including to third parties with whom we have entered into contracts with allowed by law including under the federal Health Insurance Portability and Accountability Act of 1996 ("HIPAA”); and we do not share or disclose your personal information unless required by law or otherwise described below.

The term “personal information” in this Privacy Notice generally means information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household ("personal information" or "PI").

The term "protected health information" or "PHI" is any information in your medical record that can be used to identify you and that was created, used, or disclosed in the course of providing a health care service such as diagnosis or treatment. PHI includes 1. Names; 2. All geographical subdivisions smaller than a State, including street address, city, county, precinct, zip code, and their equivalent geocodes, except for the initial three digits of a zip code, if according to the current publicly available data from the Bureau of the Census: (1) The geographic unit formed by combining all zip codes with the same three initial digits contains more than 20,000 people; and (2) The initial three digits of a zip code for all such geographic units containing 20,000 or fewer people is changed to 000; 3. All elements of dates (except year) for dates directly related to an individual, including birth date, admission date, discharge date, date of death; and all ages over 89 and all elements of dates (including year) indicative of such age, except that such ages and elements may be aggregated into a single category of age 90 or older; 4. Phone numbers; 5. Fax numbers; 6. Electronic mail addresses; 7. Social Security numbers; 8. Medical record numbers; 9. Health plan beneficiary numbers; 10. Account numbers; 11. Certificate/license numbers; 12. Vehicle identifiers and serial numbers, including license plate numbers; 13. Device identifiers and serial numbers; 14. Web Universal Resource Locators (URLs); 15. Internet Protocol (IP) address numbers; 16. Biometric identifiers, including finger and voice prints; 17. Full face photographic images and any comparable images; and 18. Any other unique identifying number, characteristic, or code (note this does not mean the unique code assigned by the investigator to code the data). We may or may not collect some of all of the above PHI.

To the extent that your PI is also PHI, as with PHI, since DxPortal is health related, it is governed by HIPAA and is also separately addressed in your HCP’s HIPAA Notice of Privacy Practices. To the extent that your PI is not PHI, it is governed by this Privacy Notice and applicable law from state to state concerning PI, sensitive information and other equivalent terms.

PI and PHI does not include publicly available, deidentified, or aggregated PI or PHI.

Please note that we maintain all PI, PHI and other information, under strict HIPAA security level standards as discussed below.

Collection of Personal Information

Information you submit to us or your HCP

When you register for or use the DxPortal or Mobile App, we may obtain personal information that you provide directly to us or your HCP or their medical practice. This may include your name and contact information (e.g., your address, phone number or email address); Account information (e.g., user ID, account profile, settings, registrations and preferences); demographic information (e.g., age, date of birth, marital status, gender, racial or ethnic origin); legal information (e.g., medical power of attorney, will or trust copies should you decide to submit them for safekeeping in DxPortal); health benefits and insurance information; pictures of yourself; career and education information; government identity information; and financial information. This may also include Information about your past history, family history, and social history, records of diagnoses, prescribed medications and treatments, lab and imaging test results, diagnostic procedures, like electrocardiogram (ECG) or colonoscopy, immunization records, observations by your HCP, and authorizations.

Information collected automatically

We may obtain PI, PHI and medical information about you that appears in your electronic medical record maintained by your HCP such as diagnostic test results or images. Other information that you have provided to your HCP may be automatically be collected in DxPortal or the Mobile App.

Use of Personal Information

DxWeb uses information obtained through DxPortal and from your HCP in furtherance of its assistance of your HCP in the provision of clinical medical services, to educate and inform users of DxPortal and for other compatible purposes, such as responding to your inquiries, facilitating and improving your online experience, and maintaining the security and integrity of DxPortal and the Mobile App. For example, If you give us your email address or phone number so that you can receive emails or text messages about particular activities or information, we will respond to your requests by email or by text. We may use information obtained through DxPortal and your HCP to create deidentifed or aggregated data (anonymized) which becomes exempt from HIPAA because it no longer identifies you, and which may used, shared, disclosed or sold for analytics, business planning or other purposes. We use your PI and PHI to fulfill our contractual obligations to your HCP and their medical practice, audit usage of DxPortal for business and security purposes. We use your PI and PHI for any purpose for which you consent in writing including by electronic means. Your PI and PHI may be used to respond to government inquiry or lawful law enforcement process or any other purposes as permitted by law such as the sale, merger, acquisition or other disposition of our business.

Limited Cookies for Functionality:

We do not use any tracking devices or cookies to follow your activities across other programs, websites or platforms. We only use cookies for website and mobile functionality reasons, to enable you to use DxPortal and the Mobile App. We maintain all of the information you submit to us and information from your medical records from your HCP at a strict level of security that is HIPAA complaint regardless of the type of information collected and stored. For HCP users: We do employ log/audit trails which preserve a record activity such as pages visited, and activities engaged in. We collect information you submit to us, and by law we retain records of your login and history of each session of use, which includes a record of what pages were viewed and any other activity. We do employ devices which will detect if communications are opened by an HCP user.

Who we share personal information with

We do not share your PI or PHI with anyone aside from your HCP or third parties with whom we have entered into contracts with allowed by law including under HIPAA as described in this Privacy Notice. We may share or disclose your information to law enforcement in response to legal process or otherwise required under applicable law.

Where and how we store personal information

While no web site can guarantee security, we maintain physical, administrative, electronic, technical and procedural safeguards to help protect your information collected via the Portal as required by applicable law. While we cannot guarantee that loss, misuse or alteration to data will not occur, we use industry standards, such as Secure Socket Layers ("SSL") technology, to help safeguard against such occurrences. In certain areas, the information passed between your browser and our system is encrypted with SSL technology (which covers any messages, PHI or communications a person directs to DxWeb or the clinician team) to create a protected connection between you and our website to ensure confidentiality. Our data center is both physically and electronically secured. Our servers are protected from open access to the Internet by using firewall and encryption technology. We limit access to personally identifiable information about you to our employees and third-party agents, who we reasonably believe need to have access to your information to provide you with the information or services you request via DxPortal. In the event that a breach in our security systems occurs and there is a possibility that an unauthorized person acquires your personal information, we will notify you of such a breach as may be required by applicable law. In order to help maintain security, you should never share your user ID or password and should always sign out when you are finished using DxPortal.

Your information is stored only within the United States.

How long we retain personal information

We retain personal information as required by our enterprise records retention schedule, which varies by business function, record classes, and record types. We calculate the retention period based upon the time the personal information is needed to: (a) fulfill the purposes described in this Privacy Notice, (b) meet the timelines required or recommended by regulators, professional bodies, or associations, (c) comply with applicable laws, legal holds, and other legal obligations (including contractual obligations), and (d) comply with your requests.

Children

DxPortal is not directed to children and is not for use of anyone under the age of 18 without the supervision of and permission of a parent or guardian. Only PHI is collected from children.

Your rights over your personal information

We extend the Right to Opt-Out, Limit Use and Disclosure and Deletion Requests to you and all users to the extent that the resulting treatment of the personal information does not violate HIPAA, HITECH or other applicable regulations.

Connecticut, Washington, Nevada and Virginia Users

The Connecticut Data Privacy Act (“CTDPA”), Washington Privacy Act (“WPA”), Nevada Privacy Act (“NCHDPL”) and Virginia Consumer Digital Privacy Act (“VCDPA”) include obligations and restrictions on processing, sharing and selling consumer health data that is not otherwise regulated by HIPAA. Some of those laws exempt PHI governed by the HIPAA and other health-related information, covered entities or business associates that must comply with HIPAA and PI that is maintained as PHI is under HIPAA, and some require Opt-Out, Limit Use and Disclosure and Deletion Requests. If you reside in one of those states, and you wish to opt-out, limit use and disclosure or make a deletion request, please contact DxWeb at the contact information below. California users, please see the Supplemental Privacy Notice for California Residents.

IMPORTANT: Rights are not absolutely guaranteed and there are several exceptions where we may not have an obligation to fulfill your request as it may be HIPAA information or deidentified or aggregated information (anonymized). We are only required to honor these rights to the extent that laws require us to respond. However, we encourage you to first contact us so we can address your concerns directly, since HIPAA, HITECH and other laws, regulations and best practices govern our business and your PI and PHI

Contact Information

If you have any questions or comments about this Privacy Notice, the ways in which DxWeb collects and uses your information described here and in the privacy policy associated with the DxPortal or Mobile App you use, your choices and rights regarding such use, or wish to exercise your rights, please do not hesitate to contact us at:
Phone: 561-544-7944
Email: PrivacyInquiries@Dx-Web.com

Changes to this Privacy Notice

We may update this Privacy Notice from time to time, in which case we will update the Effective Date at the top of this page. When you use DxPortal or the Mobile App, you are agreeing to this Privacy Notice then in effect. Do not use DxPortal or the Mobile App if you do not agree with this Privacy Notice, the Terms of Use, and any other policies or terms that apply to the use of DxPortal or the Mobile App.
l have indicated my signature and acceptance of this DxPortal Privacy Policy on the signature page click box or other format for my Portal registration.
HIPAA PATIENT AUTHORIZATION (for e-signature)
You as the patient have agreed that you would like to receive information electronically via my patient portal and/or by email), and you represent and agree as follows ("I" means you, the patient): I have indicated to my health care provider and its business associate, NextGen Management, LLC d/b/a DxWeb Management LLC ("DxWeb") that I would like to receive information from my health care provider which may include receiving messages about my appointment reminders, prescriptions including educational materials, guidance and third-party financial savings offers in the form of coupons and special offers for prescription cost savings, prescription refill reminders, as well as medication and patient compliance reminders. I understand that in order to electronically access and/or receive email communications, I must provide personal information to DxWeb, such as my name, date of birth, telephone number or email address, and that DxWeb may also access information located in my medical record in the DxWeb Patient Portal known as DxPortal relevant to the prescriptions I have been and will be prescribed. I understand that this information is known as personal information (“PI”) and Protected Health Information ("PHI") as that term is defined in the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"). I have also indicated to my health care provider that I would like to electronically access and/or receive email communications including third-party financial savings offers in the form of coupons and special offers for prescription cost savings ("Financial Savings Offers"), and that although related to my health care and treatment, these may be considered as marketing under HIPAA since my health care provider is communicating about a product or service in a way that encourages me to purchase or use that product or service such as the name brand product that appears on a prescription coupon. I further understand that Financial Savings Offers may be considered as advertising. I understand that DxWeb may aggregate and de-identify my PHI in accordance with HIPAA, either alone or with administrative data to create anonymous "aggregate data" regarding users of Text Messaging ("De-Identified Use Data" as defined under 45 C.F.R. § 165.514). De-Identified Use Data is information that describes the habits, treatment plans, usage patterns, other medical record data and/or demographics of users as a group but does not reveal patient identity. This data does not identify me, but will be used as statistical information to determine such things as user demographics and usage patterns concerning the products relating to Financial Savings Offers, such as prescription medication. I understand that this De-Identified Use Data may be provided by DxWeb to third parties including to the manufacturers of the products appearing on prescription coupons, but that my physician does not receive any remuneration for this. I understand that this information is subject to the terms of DxWeb's DxPortal Privacy Notice that restrict its use to the specific purposes described in the DxPortal Privacy Notice and herein. I therefore authorize my health care provider and DxWeb to use my personal information/PHI in the manner stated above. I understand that this authorization is voluntary and I may refuse to sign. My refusal to sign will not affect my ability to obtain treatment or payment for my treatment. However, I may be ineligible to receive the above-requested communications. I may receive a copy of this authorization by submitting a request to DxWeb's contact information listed above. I understand that I may revoke this authorization by notifying DxWeb in writing to DxWeb's contact information listed above. However, I understand that this revocation will not apply to information that has already been released by DxWeb in reliance of this authorization. DxWeb will implement my revocation as soon as is commercially reasonable. I have indicated my signature and acceptance of this HIPAA Authorization on the signature page click box or other format for my Text Messaging registration or other method provided.


PRIVACY NOTICE FOR CALIFORNIA USERS
Effective: December, 2023
DxPortal and Mobile App


This Supplemental Privacy Notice for California Residents (“Supplemental CA Notice”) supplements the information contained in the Nextgen Management, LLC dba DxWeb Management LLC and DxWeb (“DxWeb”, “us” or “we”) general Privacy Notice above and further explains required disclosures about how we collect, disclose, and sell the personal information of California consumers, and the rights that California consumers may have under the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (“CCPA/CPRA”) where we act as a business under CCPA/CPRA.


The term “personal information” in this Supplemental CA Notice, as we are using that term as CCPA/CPRA defines it, generally means information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household (“personal information“ or “PI”). However, personal information does not include publicly available, deidentified, or aggregated personal information (which are all defined in CCPA/CPRA).

Notice Scope
What categories of personal information do we collect and who do we share it with or sell it to?

Our general Privacy Notice and this Supplemental CA Notice apply to your use of DxPortal available via the internet, which includes but is not limited to: DxWeb.com (“DxWeb Website” or “DxPortal”) and DxWeb’s Mobile App for DxPortal (“Mobile App”).

As a general matter: we only collect personal information you provide to us and your health care provider and their medical practice (“HCP”); we only share this with your HCP and internally in our own organization; and we never share or disclose your personal information unless required by law or otherwise described below.
California law, however, requires we restate some of this information for specific categories that are defined in CCPA/CPRA. The type of personal information we collect and how we handle that personal information, including if we share or sell that personal information, depends on how you are specifically interacting with us and which Services you are inquiring about. The CCPA/CPRA defines “selling” as “selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information to another business or a third party for monetary or other valuable consideration.” We do not sell your PI in the general sense of the term, but in the sense of disclosing PI, we “sell”, again, only as in the meaning of disclosure or sharing of your PI, and only to your HCP, their medical practice and to third parties with whom we have entered into contracts with allowed by law including HIPAA as otherwise described below.

In general, we have collected, disclosed for a business purpose, and sold (shared with your HCP) the following categories of personal information and sensitive personal information from California consumers within the last twelve (12) months:

In particular, DxWeb has received the following categories of personal information from users of DxWeb Website or Mobile App within the last 12 months (indicated with a “Yes” ONLY IF PROVIDED BY YOU to your HCP, their medical practice or us) and please note that the Mobile App is not currently active so all answers are for that are blank):

PI Category Examples as Defined in CCPA/CPRA Collected/Disclosed
A. Identifiers. A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, or other similar identifiers. DxWeb Website: Yes
Mobile App:
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories. DxWeb Website: Yes
Mobile App:
C. Protected classification characteristics under California or federal law. Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). DxWeb Website: Yes
Mobile App:
C. Protected classification characteristics under California or federal law. Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). DxWeb Website: Yes
Mobile App:
D. Commercial information. Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. DxWeb Website: Yes
Mobile App:
E. Biometric information. Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data. DxWeb Website: Yes
Mobile App:
F. Internet or other similar network activity. Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement. DxWeb Website: Yes
Mobile App:
G. Geolocation data. Physical location or movements. DxWeb Website: Yes
Mobile App:
H. Sensory data. Audio, electronic, visual, thermal, olfactory, or similar information. DxWeb Website: Yes
Mobile App:
I. Professional or employment-related information. Current or past job history or performance evaluations. DxWeb Website: Yes
Mobile App:
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99). Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. DxWeb Website: Yes
Mobile App:
K. Inferences drawn from other personal information. Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. DxWeb Website: Yes
Mobile App:

Potential Sources of Personal Information
The DxWeb Website and Mobile Apps obtain personal information from the following categories of sources:
• Directly from you. For example, from forms you complete, communications you send to your health care provider or others send to our health care provider such as laboratory or diagnostic imaging and resulting reports; also information you provide to DxPortal, etc.
From your representative. For example, someone at your request may provide DxWeb with information to create a DxPortal account on your behalf, etc.

How We May Use Personal Information
We may use personal information for the following purposes:
• To fulfill or meet the reason you provided the information. For example, if you share your name and contact information to us, we will use that personal information to respond to you.
• To provide, support, personalize, and develop the DxWeb Website or Mobile App to better serve you.
• To create, maintain, customize, and secure your account that requires a personal login.
• To process your requests.
• To provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses.
• To personalize your experience on the DxWeb Website or Mobile App and to deliver content relevant to your expressed interests.
• To help maintain the safety, security, and integrity of the DxWeb Website and Mobile App services, databases and other technology assets, and business.
• For testing, analysis, and product development, including to develop and improve our DxWeb Website or Mobile App.
• To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
• To create deidentifed or aggregated data (anonymized) which becomes exempt from HIPAA and/or CCPA/CPRA because it no longer
identifies you, and which may used, shared, disclosed or sold for analytics, business planning or other purposes.
• As described to you when collecting your personal information or as otherwise set forth in the CCPA/CPRA.
We will not use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice. Please review the Privacy Notice associated with the DxWeb Website or Mobile App you use in order to review the specific ways in which your information may be used.

Sharing Personal Information
We may disclose your personal information to your HCP or their medical group, or a third party, for a business purpose. When we disclose personal information for a business purpose, we have previously entered into a contract such as a HIPAA business associate agreement and other agreements that describe the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract at HIPAA compliant or more stringent levels of confidentiality and security. Please review the general Privacy Notice above in order to review the individuals or third parties that may have access to your personal information.

Disclosures of Personal Information for a Business Purpose
In the preceding twelve (12) months, DxWeb has disclosed the following categories of personal information for a business purpose as described above: Category A: Identifiers. Category B: California Customer Records personal information categories. Category C: Protected classification characteristics under California or federal law. Category F: Internet or other similar network activity. Category I: Professional or employment-related information. Category J: Non-public education information. Category K: Inferences drawn from other personal information.

Disclosures of Personal Information for a Business Purpose
In the preceding twelve (12) months, DxWeb has disclosed the following categories of personal information for a business purpose as described above:
Category A: Identifiers.
Category B: California Customer Records personal information categories.
Category C: Protected classification characteristics under California or federal law.
Category F: Internet or other similar network activity.
Category I: Professional or employment-related information.
Category J: Non-public education information.
Category K: Inferences drawn from other personal information.

Your Rights and Choices
In the preceding twelve (12) months, DxWeb has disclosed the following categories of personal information for a business purpose as described above:
Category A: Identifiers.
Category B: California Customer Records personal information categories.
Category C: Protected classification characteristics under California or federal law.
Category F: Internet or other similar network activity.
Category I: Professional or employment-related information.
Category J: Non-public education information.
Category K: Inferences drawn from other personal information.

IMPORTANT: These rights are not absolutely guaranteed and there are several exceptions where we may not have an obligation to fulfill your request due to exemption from CCPA/CPRA as it may be HIPAA information or deidentified or aggregated information (anonymized). We are only required to honor these rights to the extent that we act as a business/controller under CCPA/CPRA and the requested rights have been granted and apply to you under CCPA/CPRA. Please consult CCPA/CPRA to determine what rights may be available to you and when access to these rights is limited. You may appeal an adverse decision on your requests by emailing or writing to us; and you have the right to lodge a complaint to the California Attorney General if you are not satisfied with our responses to your requests or how we manage your personal information. However, we encourage you to first contact us so we can address your concerns directly, since HIPAA, HITECH and other laws, regulations and best practices govern our business and your PI and HIPAA protected health information (“PHI”).

Access to Specific Information and Data Portability Rights
You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request for exercising access, data portability, and deletion rights under California law), we will disclose to you:
• The categories of personal information we collected about you.
• The categories of sources for the personal information we collected about you.
• Our business or commercial purpose for collecting that personal information.
• The categories of third parties with whom we share that personal information.
• The specific pieces of personal information we collected about you (also called a data portability request).
• If we disclosed your personal information for a business purpose, a list of the disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.

Right to Opt-Out, Limit Use and Disclosure and Deletion Requests (Privacy Rights)
You have the right to opt-out of the sale and sharing of PI as sale and sharing are defined under the CCPA/CPRA (here, only by sharing and disclosure to your HCP or their medical practice) and request that we comply with that and such other requests including the limitation of use, disclosure and deletion of PI, which requests regarding your personal information that we have collected from you and retained, are subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will for example, delete (and direct our service providers to delete) your personal information from our records, unless an exception applies such as HIPAA and HITECH regulations. We may deny your privacy rights request(s) if retaining the information is necessary for us or our service provider(s) to:
1. Complete a transaction for which we collected the personal information, provide something that you requested, take actions reasonably anticipated within the context of our ongoing relationship with you, or fulfill any legal obligations we may have such as under HIPAA and HITECH.
2. Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
3. Debug products to identify and repair errors that impair existing intended functionality.
4. Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
5. Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.).
6. Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
7. Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
8. Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
9. Respond to government or law enforcement demands by formal process.
We do not provide these access, data portability and privacy rights for personal information (including health information) that is stored or otherwise used by healthcare systems or other Covered Entities (as that term is defined in HIPAA, generally other medical practices or entities with whom you have a relationship). Contact your healthcare system(s) if you have questions about these rights with respect to information about you that is stored or otherwise used by them including their privacy policies and terms of use.

Exercising Privacy Rights
To exercise the privacy rights described above, please submit a verifiable consumer request to us by either:
• Emailing us at PrivacyInquiries@Dx-Web.com or
• Calling us at 561-544-7944

Only you or someone legally authorized to act on your behalf may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child. To designate an authorized agent, email us at CalPrivacyInquiries@Dx-Web.com and include a designation of your authorized agent in your email, including the agent’s name, email address, and other relevant information that will help us identify your authorized agent. You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:

• Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative, which may include:
   o First, Middle (if available), and Last Name
   o California address
   o Valid email address
• Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.

CCPA Consumer Request for Metrics
The following is a disclosure of how many California consumers made privacy requests for the prior calendar year (in accordance with Section 999.317(g) of the CCPA):
     January 1 – December 31, 2023:

Request Type Count Average Days to Close
Data Access Request 0
Complete
Rejected
Delete my PI 0
Complete
Rejected
Do Not Sell My Personal Information 0
Complete
Rejected
Grand Total 0

Response Timing and Format
We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is usable and should allow you to transmit the information from one entity to another entity. We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

Non-Discrimination
We will not discriminate against you for exercising any of your CCPA/CPRA rights. Unless permitted by the CCPA/CPRA, we will not deny you goods or services or provide you a different level or quality of goods or services for exercising any of your CCPA/CPRA rights.

Changes to Our Privacy Notice and Supplemental CA Notice
We reserve the right to amend our Privacy Notice and this Supplemental CA Notice at our discretion and at any time. When we make changes to this Supplemental CA Notice, we will post the updated Notice on this website and update the Notice’s effective date. Your continued use of the DxWeb Website or Mobile App following the posting of changes constitutes your acceptance of such changes.

Contact Information
If you have any questions or comments about this Supplemental CA Notice, the ways in which DxWeb collects and uses your information described here and in the privacy policy associated with the DxWeb Website or Mobile App you use, your choices and rights regarding such use, or wish to exercise your rights under California law, please do not hesitate to contact us at:
Phone: 561-544-7944
Email: PrivacyInquiries@Dx-Web.com
Postal Address:
DxWeb
5355 Town Center Road Suite 203
Boca Raton, Fl 33486