Sofwave Privacy Notice 

Block hero header background image

This Privacy Notice applies to the processing of personal information by Sofwave Ltd. (“Sofwave,” “we,” “us,” or “our”) on our website available at https://sofwave.com/, our mobile application, and our other related online or offline offerings which link to, or are otherwise subject to, this Privacy Notice (collectively, the “Site”).

Disclosure Regarding the California Consumer Privacy Act (Notice at Collection). For information on our processing of personal information that is subject to the California Consumer Privacy Act (“CCPA”), please see Supplemental U.S. Privacy Notice.

Special Note to Users Interacting with a Sofwave-Contracted Provider. Our services are available only to providers with a contractual relationship with Sofwave. If you engage directly with a Sofwave-contracted provider, this Privacy Notice does not apply to the protected health information collected, created, used, or shared pursuant to the Health Insurance Portability and Accountability Act, as amended (“HIPAA”). Any questions, rights requests, and/or concerns about your protected health information should be directed to your provider.

Special Note to Connecticut, Nevada, and Washington Sofwave Users and Potential Users . For information on our processing of “consumer health data” via the Site that is subject to the Connecticut Data Privacy Act, as amended, Washington My Health My Data Act, or Nevada Consumer Health Data Privacy Law, please see Supplemental Consumer Health Data Privacy Notice.

1. UPDATES TO THIS PRIVACY NOTICE

We may update this Privacy Notice from time to time in our sole discretion. If we do, we’ll let you know by posting the updated Privacy Notice on our website, and/or we may also send other communications.

2. PERSONAL INFORMATION WE COLLECT

We collect personal information that you provide to us, personal information we collect automatically when you use the Site, and personal information from third-party sources, as described below.

A. Personal Information You Provide to Us Directly

We may collect personal information that you provide to us.

  • Your Communications with Us. We, and our service providers, may collect the information you communicate to us, such as through email, the contact form on the Site, or our web chat tool.

  • Transactions. We may collect personal information and details associated with your transactions on the Services, including payment information. Any payments made via our Site are processed by third-party payment processors. We do not directly collect or store any payment card information entered through our Services, but we may receive information associated with your payment card information (e.g., your billing details).

  • Surveys. We may contact you to participate in surveys. If you decide to participate, we may collect personal information from you in connection with the survey.

  • Interactive Features. We and others who use our Site may collect personal information that you submit or make available through our interactive features (e.g., messaging features, commenting functionalities, forums, blogs, and social media pages). Any information you provide using the public sharing features of the Site will be considered “public.”

  • Conferences, Trade Shows, and Other Events. We may collect personal information from individuals when we attend or host conferences, trade shows, and other events.

  • Business Development and Strategic Partnerships. We may collect personal information from individuals and third parties to assess and pursue potential business opportunities.

  • Job Applications. If you apply for a job with us, we will collect any personal information you provide in connection with your application, such as your contact information and CV.

B. Personal Information Collected Automatically

We may collect personal information automatically when you use the Site.

Device Information. We may collect personal information about your device, such as your Internet protocol (IP) address, user settings, cookie identifiers, other unique identifiers, browser or device information, Internet service provider, and location information (including, as applicable, approximate location derived from IP address and precise geo-location information).

Usage Information. We may collect personal information about your use of the Site, such as the pages that you visit, items that you search for, the types of content you interact with, information about the links you click, the frequency and duration of your activities, and other information about how you use the Site.

Cookie Notice (and Other Technologies). We, as well as third parties, may use cookies, pixel tags, and other technologies (“Technologies”) to automatically collect personal information through your use of the Site.

  • Cookies. Cookies are small text files stored in device browsers.

  • Pixel Tags/Web Beacons. A pixel tag (also known as a web beacon) is a piece of code embedded in the Site that collects personal information about use of or engagement with the Site. The use of a pixel tag allows us to record, for example, that a user has visited, a particular web page or clicked on a particular advertisement. We may also include web beacons in e-mails to understand whether messages have been opened, acted on, or forwarded.

See “Your Privacy Choices and Rights” below to understand your choices regarding these Technologies.

C. Personal Information Collected from Third Parties

We may collect personal information about you from third parties. For example, if you access the Site using a third-party website, application, service, products, or technology (each, a “Third-Party Service”), we may collect personal information about you from that Third-Party Service that you have made available via your privacy settings.

3. HOW WE USE PERSONAL INFORMATION

We use personal information for a variety of business purposes, including to provide the Site, to improve the Site, to improve our products and services, to develop new products and services, to operate our business, to provide you with marketing materials, and with your consent, as described below.

A. Provide the Site

We use personal information to fulfill our contract with you and provide the Site, such as:

  • Providing access to certain areas, functionalities, and features of the Site;

  • Answering requests for support;

  • Communicating with you;

  • Sharing personal information with third parties as needed to provide the Site; and

  • Processing your financial information and other payment methods.

B. Improve the Site, Improve our Products and Services, and Develop New Products and Services

We use personal information to improve the Site, to improve our products and services, and to develop new products and services.

C. Operate Our Business

  • Pursuing our legitimate interests such as direct marketing, research and development (including marketing research), network and information security, and fraud prevention;

  • Carrying out analytics;

  • Creating de-identified and/or aggregated information;

  • Processing applications if you apply for a job we post on our Site;

  • Allowing you to register for events;

  • Enforcing our agreements and policies; and

  • Carrying out activities that are required to comply with our legal obligations.

D. Marketing

We may use personal information to tailor and provide you with marketing and other content.

E. With Your Consent or Direction

We may use personal information for other purposes that are clearly disclosed to you at the time you provide personal information, with your consent, or as otherwise directed by you.

4. HOW WE DISCLOSE PERSONAL INFORMATION

We disclose personal information to third parties for a variety of business purposes, including to provide the Site, to protect us or others, or in the event of a major business transaction such as a merger, sale, or asset transfer, as described below.

A. Disclosures to Provide the Site

We may disclose any of the personal information we collect to the categories of third parties described below.

  • Service Providers. We may disclose personal information to third-party service providers that assist us with the provision of the Site. This may include, but is not limited to, service providers that provide us with hosting, customer service, analytics, marketing services, IT support, and related services. In addition, personal information and chat communications may be disclosed to service providers that help provide our chat features.

Some of the service providers we may use include:

  • Google Analytics. For more information about how Google uses your personal information, please visit Google Analytics’ Privacy Policy. To learn more about how to opt-out of Google Analytics’ use of your personal information, please click here.

  • Hotjar. We use Hotjar’s session replay analytics services. This allows us to record and replay an individual’s interaction with the Services. For more information about how Hotjar uses your personal information, please visit the “Personal Data collected from a visitor of a Hotjar Enabled Site” section of Hotjar’s Privacy Policy. To learn more about how to opt-out of Hotjar’s use of your information, please click here.

  • Third-Party Services You Share or Interact With. The Site may link to or allow you to interface, interact, share information with, direct us to share information with, access and/or use a Third-Party Service.

Any personal information shared with a Third-Party Service will be subject to the Third- Party Service’s privacy policy. We are not responsible for the processing of personal information by Third-Party Services.

  • Business Partners. We may share your personal information with business partners to provide you with a product or service you have requested. We may also share your personal information with business partners with whom we jointly offer products or services.

Once your personal information is shared with our business partner, it will also be subject to our business partner’s privacy policy. We are not responsible for the processing of personal information by our business partners.

  • Affiliates. We may share your personal information with our corporate affiliates.

  • Advertising Partners. We may share your personal information with third-party advertising partners. These third-party advertising partners may set Technologies and other tracking tools on our Site to collect information regarding your activities and your device (e.g., your IP address, cookie identifiers, page(s) visited, location, time of day). These advertising partners may use this information (and similar information collected from other services) for purposes of delivering personalized advertisements to you when you visit digital properties within their networks. This practice is commonly referred to as “interest-based advertising”, “personalized advertising”, or “targeted advertising.”

B. Disclosures to Protect Us or Others

We may access, preserve, and disclose any information we store associated with you to external parties if we, in good faith, believe doing so is required or appropriate to: comply with law enforcement or national security requests and legal process, such as a court order or subpoena; protect your, our, or others’ rights, property, or safety; enforce our policies or contracts; collect amounts owed to us; or assist with an investigation or prosecution of suspected or actual illegal activity.

C. Disclosure in the Event of Merger, Sale, or Other Asset Transfers

If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, receivership, purchase or sale of assets, transition of service to another provider, or other similar corporate transaction, your personal information may be disclosed, sold, or transferred as part of such a transaction.

5. YOUR PRIVACY CHOICES AND RIGHTS

Your Privacy Choices. The privacy choices you may have about your personal information are described below.

  • Email Communications. If you receive an unwanted email from us, you can use the unsubscribe functionality found at the bottom of the email to opt out of receiving future emails. Note that you will continue to receive transaction-related emails. We may also send you certain non-promotional communications regarding us and the Site, and you will not be able to opt out of those communications (e.g., communications regarding the Site or updates to this Privacy Notice).

  • Text Messages. If you receive an unwanted text message from us, you may opt out of receiving future text messages from us by following the instructions in the text message you have received from us or by otherwise contacting us as set forth in “Contact Us” below.

  • Mobile Devices. We may send you push notifications through our mobile application. You may opt out of receiving these push notifications by changing the settings on your mobile device. With your consent, we may also collect precise location-based information via our mobile application. You may opt out of this collection by changing the settings on your mobile device. To request deletion of your account, please use the standard deletion functionality available via the Services or contact us using the information set forth in “Contact Us” below.

  • “Do Not Track.” Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. Please note that we do not respond to or honor DNT signals or similar mechanisms transmitted by web browsers.

  • Cookies. You may stop or restrict the placement of Technologies on your device or remove them by adjusting your preferences as your browser or device permits. However, if you adjust your preferences, the Site may not work properly.

Please note that cookie-based opt-outs are not effective on mobile applications. However, you may opt-out of certain tracking on some mobile applications by following the instructions for Android, iOS, and others.

The online advertising industry also provides mechanisms that may allow you to opt out of receiving targeted ads from organizations that participate in self-regulatory programs. To learn more, visit the Network Advertising Initiative and the Digital Advertising Alliance.

Please note you must separately opt out in each browser and on each device.

Your Privacy Rights.

In accordance with applicable law, you may have the right to:

  • Request Access to or Portability of Your Personal Information;

  • Request Correction of Your Personal Information;

  • Request Deletion of Your Personal Information;

  • Request Restriction of or Object to our Processing of Your Personal Information;

  • Request to Opt-Out of Certain Processing Activities including, as applicable, if we process your personal information for “targeted advertising” (as “targeted advertising” is defined by applicable privacy laws), if we “sell” your personal information (as “sell” is defined by applicable privacy laws), or if we engage in “profiling” in furtherance of certain “decisions that produce legal or similarly significant effects” concerning you (as such terms are defined by applicable privacy laws); and

  • Withdraw Your Consent to our Processing of Your Personal Information. Please note that your withdrawal will only take effect for future processing, and will not affect the lawfulness of processing before the withdrawal.

If you would like to exercise any of these rights, please contact us as set forth in “Contact Us” below. We will process such requests in accordance with applicable laws.

To opt out of our “sale” of personal information or “targeted advertising” that relies on Technologies, please click on “My Privacy Choices” in the footer below.

Only you, or someone legally authorized to act on your behalf in certain jurisdictions, may make a request to exercise the rights listed above regarding your personal information. If your personal information is subject to a law that allows an authorized agent to act on your behalf in exercising your privacy rights and you wish to designate an authorized agent, please provide written authorization signed by you and your designated agent using the information found in “Contact Us” below and ask us for additional instructions.

To protect your privacy, we will take steps to verify your identity before fulfilling requests submitted under applicable privacy laws. These steps may involve asking you to provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative. Examples of our verification process may include asking you to confirm the email address we have associated with you.

Some laws may allow you to appeal our decision if we decline to process your request. If applicable laws grant you an appeal right, and you would like to appeal our decision with respect to your request, you may do so by informing us of this and providing us with information supporting your appeal.

If your personal information is subject to the applicable data protection laws of the European Economic Area or the United Kingdom, you have the right to lodge a complaint with the competent supervisory authority if you believe our processing of your personal information violates applicable law.

6. INTERNATIONAL TRANSFERS OF PERSONAL INFORMATION

All personal information processed by us may be transferred, processed, and stored anywhere in the world, including, but not limited to, the United States or other countries, which may have data protection laws that are different from the laws where you live. These countries may or may not have adequate data protection laws as defined by the data protection authority in your country.

If we transfer personal information from the European Economic Area, Switzerland, and/or the United Kingdom to a country that does not provide an adequate level of protection under applicable data protection laws, one of the safeguards we may use to support such transfer is the EU Standard Contractual Clauses.

For more information about the safeguards we use for international transfers of your personal information, please contact us as set forth below.

7. RETENTION OF PERSONAL INFORMATION

We store the personal information we collect as described in this Privacy Notice for as long as you use the Services, or as long as necessary to fulfill the purpose(s) for which it was collected, or as long as necessary to pursue our business purposes.

To determine the appropriate retention period for personal information, we may consider applicable legal requirements; the amount, nature, and sensitivity of the personal information; certain risk factors; the purposes for which we process your personal information; and whether we can achieve those purposes through other means.

8. SUPPLEMENTAL NOTICE FOR EU/UK GDPR

This Supplemental Notice for EU/UK GDPR applies only to our processing of personal information that is subject to the EU or UK General Data Protection Regulation.

In some cases, providing personal information may be a requirement under applicable law, a contractual requirement, or a requirement necessary to enter into a contract. If you choose not to provide personal information in cases where it is required, we will inform you of the consequences at the time of your refusal to provide the personal information.

Sofwave’s processing of your personal information may be supported by one or more of the following lawful bases:

Privacy Notice SectionLawful Basis: Performance of a Contract (i.e., to provide the Services to you)Lawful Basis: Legitimate InterestLawful Basis: ConsentLawful Basis: For Compliance with Legal Obligations
Section 3A: Provide the Site
Section 3B: Improve the Site, Improve our Products and Services, and Develop New Products and Services
Section 3C: Operate Our Business
Section 3D: Marketing
Section 3E: With Your Consent or Direction

If we process personal information that is considered a “special category of personal data,” then our processing of this personal information may be supported by one or more of the following conditions:

  • Explicit Consent: You may have provided your explicit consent for our processing of your personal information.

  • Necessary for Employment, Social Security, or Social Protection Law Purposes: Our processing of your personal information may be necessary for the purposes of carrying out obligations and exercising specific rights in the field of employment, social security, and/or social protection law.

  • Necessary to Protect Vital Interests: Our processing of your personal information may be necessary to protect your vital interests if you are physically or legally incapable of giving consent.

  • In Connection with a Foundation, Association, or Other Non-Profit Body. Our processing of your personal information may be carried out in the course of our legitimate activities in connection with our foundation, association, or other non-profit body.

  • Publicly Available Personal Information: Our processing of your personal information may relate to personal information that has been manifestly made public by you.

  • Necessary for the Establishment, Exercise, or Defense of Legal Claims: Our processing of your personal information may be necessary for the establishment, exercise, or defense of legal claims.

  • Necessary for Substantial Public Interest: Our processing of your personal information may be necessary for reasons of substantial public interest.

  • Necessary for Medical Purposes: Our processing of your personal information may be necessary for the purposes of preventive or occupational medicine, medical diagnosis, the provision of health or social care or treatment, or the management of health or social care systems and services, or it may be necessary pursuant to a contract with a health professional.

  • Necessary for Substantial Interest in the Area of Public Health: Our processing of your personal information may be necessary for reasons of public interest in the area of public health.

  • Necessary for Archiving, Research, or Statistical Purposes. Our processing of your personal information may be necessary for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes.

9. CHILDREN’S PERSONAL INFORMATION

The Site is not directed to children under 18 (or other age as required by local law outside the United States), and we do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has uploaded personal information to the Site in violation of applicable law, you may contact us as described in “Contact Us” below.

10. CONTACT US

Sofwave is the controller of the personal information we process under this Privacy Notice.

If you have any questions about our privacy practices or this Privacy Notice or to exercise your choices and rights as detailed in this Privacy Notice, please contact us at: privacy.policy@sofwave.com.

ANNEX A

Supplemental U.S. Privacy Notice

This Supplemental U.S. Privacy Notice supplements our Privacy Notice and only applies to our processing of Personal Information from U.S. consumers residing in a state with a comprehensive privacy law.

NOTICE AT COLLECTION

At or before the time of collection, U.S. consumers residing in a state with a comprehensive privacy law have a right to receive notice of our privacy practices. Such consumers can find this information below.

Personal Information Collected. See the section of this Supplemental U.S. Privacy Notice titled “Overview of Personal Information Collected, Disclosed, Sold and/or Shared” for a list of personal information which may be collected. If we have previously collected personal information in the past 12 months, we may collect that personal information from you.

Uses of Personal Information. See the section of this Supplemental U.S. Privacy Notice titled “Uses of Personal Information” for a list of the purposes for which we use personal information.

Is Personal Information “Sold” or “Shared” for “Cross-Context Behavioral Advertising”? Yes. See the section of this Supplemental U.S. Privacy Notice titled “Overview of Personal Information Collected, Disclosed, Sold and/or Shared” for more details. If we have previously “sold” personal information or “shared” personal information for “cross-context behavioral advertising” in the past 12 months, we may “sell” or “share” that personal information if collected from you. See the section of this Supplemental U.S. Privacy Notice titled “Right to Opt Out of ‘Sales’ of Personal Information and/or ‘Sharing’ for ‘Cross-Context Behavioral Advertising’” for instructions on how to opt-out of these activities.

How Long is Personal Information Retained For? To determine the appropriate retention period for personal information, we may consider applicable legal requirements, the amount, nature, and sensitivity of the personal information, certain risk factors, the purposes for which we process your personal information, and whether we can achieve those purposes through other means.

Additional Information. For more information on our privacy practices, please review this Supplemental U.S. Privacy Notice and our Privacy Notice. Importantly, the section of our Privacy Notice titled “Your Privacy Choices and Rights” includes important details about how you can exercise some of the rights which you have under U.S. privacy laws.

CATEGORIES OF SOURCES FROM WHICH PERSONAL INFORMATION IS COLLECTED

We collect personal information that you provide to us, personal information we collect automatically when you use the Sites, and personal information from third-party sources.

OVERVIEW OF PERSONAL INFORMATION COLLECTED, DISCLOSED, SOLD, AND/OR SHARED

U.S. consumers residing in a state with a comprehensive privacy law are provided with the right to know what categories of personal information Sofwave has collected about them, whether Sofwave disclosed that personal information for a business purpose (e.g., to a service provider), whether Sofwave “sold” that personal information, and whether Sofwave “shared” that personal information for “cross-context behavioral advertising” in the preceding twelve months. U.S. consumers residing in a state with a comprehensive privacy law can find this information below:

Category of Personal Information Collected by SofwaveCategory of Third Parties To Whom Personal Information is Disclosed to for a Business PurposeCategory of Third Parties To Whom Personal Information is Shared for Cross-Context Behavioral Advertising
IdentifiersService Providers
Business Partners
Third-Party Services You Share or Interact With
You Share or Interact With
Advertising Partners
Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))Service Providers
Business Partners
Third-Party Services You Share or Interact With
Advertising Partners
Protected classification characteristics under California or federal lawService ProvidersN/A
Commercial informationService Providers
Third-Party Services You Share or Interact With
Advertising Partners
Internet or other electronic network activityService Providers
Third-Party Services You Share or Interact With
Advertising Partners
Geolocation dataService ProvidersAdvertising Partners
Professional or employment-related informationService ProvidersN/A
Inferences drawn from other personal information to create a profile about a consumerService ProvidersAdvertising Partners
Personal information that reveals a consumer’s account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an accountN/AN/A
Personal information that reveals a consumer’s precise geolocationService Providers
Business Partners
N/A
Personal information collected and analyzed concerning a consumer’s healthService Providers
Business Partners
N/A

USES OF PERSONAL INFORMATION

We may use and disclose the personal information that we collect for the following business and commercial purposes:

  • Providing the Sites as further described in our Privacy Notice;

  • Processing for administrative purposes as further described in our Privacy Notice;

  • Processing to improve the Sites and develop new products and services, as further described in our Privacy Notice;

  • Processing to operate our business, as further described in our Privacy Notice;

  • Processing for marketing purposes as further described in our Privacy Notice;

  • Processing with your consent or direction as further described in our Privacy Notice;

  • Auditing related to counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance with this specification and other standards;

  • Helping to ensure security and integrity to the extent the use of personal information is reasonably necessary and proportionate for these purposes;

  • Debugging to identify and repair errors that impair existing intended functionality;

  • Short-term, transient use, including, but not limited to, non-personalized advertising shown as part of your current interaction with Sofwave;

  • Maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytic services, providing storage, or providing similar services;

  • Providing advertising and marketing services;

  • Undertaking internal research for technological development and demonstration;

  • Undertaking activities to verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by Sofwave, and to improve, upgrade, or enhance the service or device that is owned, manufactured, manufactured for, or controlled by Sofwave.

RIGHT TO OPT OUT OF “SALES” OF PERSONAL INFORMATION AND/OR “SHARING” FOR “CROSS-CONTEXT BEHAVIORAL ADVERTISING”

We don’t “sell” personal information as most consumers typically define the term “sell” or “sold.”  However, our Sites use advertising and analytics tools provided by third parties that may constitute a “sale” of personal information under certain state laws.  We “share” your personal information for “cross-contextual behavioral advertising” to provide you with “cross-context behavioral advertising” about Sofwave’s products and services.

U.S. consumers residing in a state with a comprehensive privacy law may have the right to opt out of the “sharing” of personal information for “cross-context behavioral advertising.” To exercise these rights, such U.S. consumers should click on "My Privacy Choices" in the footer below.

DISCLOSURE REGARDING INDIVIDUALS UNDER THE AGE OF 16

Sofwave does not have actual knowledge of any “sale” of personal information of minors under 16 years of age. Sofwave does not have actual knowledge of any “sharing” of personal information of minors under 16 years of age for “cross-context behavioral advertising.”

DISCLOSURE REGARDING SENSITIVE PERSONAL INFORMATION

Sofwave only uses and discloses sensitive personal information for the following purposes :

  • To perform the services or provide the goods reasonably expected by an average consumer who requests those goods or services.

  • To prevent, detect, and investigate security incidents that compromise the availability, authenticity, integrity, and or confidentiality of stored or transmitted personal information.

  • To resist malicious, deceptive, fraudulent, or illegal actions directed at Sofwave and to prosecute those responsible for those actions.

  • To ensure the physical safety of natural persons.

  • For short-term, transient use.

  • Maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytic services, providing storage, or providing similar services.

  • To verify or maintain the quality or safety of a product, service, or device that is owned, manufactured, manufactured for, or controlled by Sofwave, and to improve, upgrade, or enhance the service or device that is owned, manufactured by, manufactured for, or controlled by Sofwave.

  • For purposes that do not infer characteristics about individuals.

NON-DISCRIMINATION

California residents have the right not to receive discriminatory treatment by us for the exercise of their rights conferred by the CCPA.

ANNEX B

Supplemental Consumer Health Data Privacy Notice

This Supplemental Consumer Health Data Privacy Notice (“Consumer Health Data Privacy Notice”) supplements the Sofwave Privacy Notice.

This Consumer Health Data Privacy Notice only applies to personal information that we process that is “consumer health data” subject to the Connecticut Data Privacy Act, as amended (“CTDPA”), Washington My Health My Data Act (“MHMDA”), Nevada’s Consumer Health Data Privacy Law (“NVCHDPL”), or other states with consumer health data privacy laws (as applicable).

Terms used in this Consumer Health Data Privacy Notice that are defined in CTDPA, MHMDA, or NVCHDPL will have the meanings set forth in those laws, to the extent such laws are applicable.

11. Consumer Health Data We Collect

Under CTDPA, “consumer health data” is defined as “any personal data that a controller uses to identify a consumer's physical or mental health condition or diagnosis, and includes, but is not limited to, gender-affirming health data and reproductive or sexual health data.”

Under the MHMDA, “consumer health data” is defined as “personal information that is linked or reasonably linkable to a consumer and that identifies the consumer's past, present, or future physical or mental health status.”

Under NVCHDPL, “consumer health data” is defined as “personally identifiable information that is linked or reasonably capable of being linked to a consumer and that a regulated entity uses to identify the past, present or future health status of the consumer.”

Because consumer health data is defined very broadly, many of the categories of personal information that we collect under our Privacy Notice may also be considered consumer health data.

Examples of consumer health data that you may provide to us, or that we may otherwise collect, may include:

  • Information that could identify your attempt to seek health care services or information, including services that allow you to assess, measure, improve, or learn about your or another person’s health. For example, we collect information you submit to the Site, which may include information concerning your health and wellbeing, mental health, medical conditions, or other health-related topics.

  • Information about your health-related conditions, symptoms, status, diagnoses, disease, testing, or treatments.

  • Information about social, psychological, behavioral, and medical interventions.

  • Information about use or purchase of prescribed medication.

  • Information about measurements of bodily functions, vital signs, symptoms, or characteristics.

  • Information about diagnoses or diagnostic testing, treatment, or medication.

  • Information about surgeries or other health-related procedures.

  • Reproductive or sexual health information.

  • Biometric information.

  • Genetic data.

  • Information related to the precise (geo)location information of a consumer used to indicate an attempt by a consumer to receive health care services or products.

  • Other information that may be used to infer or derive data related to the above or other consumer health data.

12. Sources of Consumer Health Data

We collect consumer health data that you provide to us, consumer health data we collect automatically when you use the Site, and consumer health data from third-party sources, as described in our Privacy Notice and below.

13. Why We Collect and Use Consumer Health Data

We collect and use consumer health data for the purposes and in the manner described in the “How We Use Personal Information” section of the Privacy Notice.

Primarily, we collect and use consumer health data as reasonably necessary to provide you with the Site, fulfill your requests submitted via the Site, or as otherwise authorized by you. This may include delivering and operating the Site and its features, personalization of certain Site features, ensuring the secure and reliable operation of the Site and the systems that support the Site, troubleshooting and improving the Site, and other essential business operations that support the provision of the Site (such as analyzing our performance and meeting our legal obligations).

We may also use consumer health data for other purposes for which we give you choices and/or obtain your consent as required by law.

14. Sharing of Consumer Health Data

We may share each of the categories of consumer health data described above for the purposes described above and in the “How We Use Personal Information” section of the Privacy Notice.

We only share or disclose your consumer health data as needed to provide you with the Site, or with your explicit consent. We may share or disclose any or all the above categories of consumer health data to the following entities, who shall use the data only as permitted for the purposes set forth above, and within the bounds of our contracts with them:

These general categories of third parties:

  • Business Collaborators

  • Life Sciences Companies

  • Product co-promotion partners

  • Product co-development partners

  • Marketing and Advertising Agencies

  • Social Media Companies and Platforms

  • Service Providers (including those hosting or analyzing data on our behalf, those assisting with fraud prevention, those assisting in program administration, those assisting in incident management and reporting, those administering our call center and websites, and those who assist with our information technology and security programs)

  • Emergency Personnel

  • Authorized/legal representatives, family members, and caregivers

  • Third parties (including those with whom Sofwave has joint marketing and similar arrangements, those who provide marketing and data analytics services, those who provide program enrollment or product fulfillment, payment, and authorization, other third parties as necessary to complete transactions and provide products or Services, or where required by law)

  • Sofwave lawyers, auditors, and consultants

  • Legal and regulatory bodies

In addition, we may share or disclose consumer health data as permitted or required by law, such as (i) to an acquiring organization if we are involved in a sale or a transfer of our business, (ii) as needed to prevent, detect, protect against, or respond to security incidents, identity theft, fraud, harassment, malicious or deceptive activities, (iii) in situations that may involve violations of our terms of use or other rules, (iv) to protect our rights and the rights and safety of others, (v) as needed to support external auditing, compliance and corporate governance functions, (vi) as needed to preserve the integrity or security of our systems, or (vii) to investigate, report, or prosecute those responsible for any action that is illegal under applicable state or federal law.

15. How to Exercise Your Rights

The CTDPA, MHMDA and NVCHDPL provide consumers with certain rights with respect to consumer health data.

Under CTDPA, Sofwave is required to obtain consumer consent prior to selling or offering to sell, consumer health data. Consumers have the right to: (i) confirm whether Sofwave is collecting or sharing consumer health data; (ii) have Sofwave provide the categories of consumer health data that it shares with third parties and the categories of third parties with which it shares consumer health data; and (iii) withdraw consent from Sofwave’s selling of consumer health data.

Under MHMDA, consumers have the right to: (i) confirm whether Sofwave is collecting, sharing, or selling consumer health data and to access such data; (ii) withdraw consent from Sofwave’s collection and sharing of consumer health data; and (iii) request that Sofwave delete consumer health data.

Under NVCHDPL, consumers have the right to: (i) confirm whether Sofwave is collecting, sharing or selling consumer health data; (ii) have Sofwave provide the consumer with a list of all third parties with whom Sofwave has shared consumer health data relating to the consumer or to whom Sofwave has sold such consumer health data; (iii) request that Sofwave cease collecting, sharing, or selling consumer health data relating to the consumer; and (iv) request that Sofwave delete consumer health data.

The rights afforded to consumers under CTDPA, MHMDA and NVCHDPL are subject to certain exceptions.

Subject to certain legal limitations and exceptions, you have the following rights with respect to any consumer health data we may collect about you:

  • The right to confirm whether we are collecting, sharing, or selling your consumer health data and to access such data, including to receive a list of affiliates or specific third parties with whom we have shared or sold your information, along with contact information such as an active email address for each third party;

  • The right to review and request corrections to your consumer health data;

  • The right to withdraw consent from our collection or sharing of your consumer health data; and

  • The right to request that we delete your consumer health data.

You can request to exercise such rights by contacting us at: privacy.policy@sofwave.com.

Sofwave will not discriminate against you for exercising any of your rights. We will make reasonable efforts to respond promptly to your requests in accordance with applicable laws. Please allow 45 days for a response.  We may, after receiving your request, require additional information from you to authenticate your request and verify your identity. Please be aware that we may be unable to afford these rights to you under certain circumstances, such as if we are legally prevented from doing so. If your request to exercise a right is denied, you may appeal that decision by contacting us at: privacy.policy@sofwave.com. We will process and respond to your appeal within the time permitted by applicable law.

If you are a Washington resident and your appeal is unsuccessful, you can raise a concern or lodge a complaint with the Washington State Attorney General at www.atg.wa.gov/file-complaint.

16. Disclosure Regarding Third Party Collection of Consumer Health Data under NVCHDPL

This section only applies to our processing of consumer health data that is subject to NVCHDPL.

We do not allow third parties to collect consumer health data over time and across different Internet websites or online services when the consumer uses any Internet website or online service of Sofwave.

Nonetheless, please note that third parties may still be able to collect consumer health data from you over time and across different websites depending on your browser, browser add-ons, and associated permissions you set on your device.

This collection of consumer health data by those third parties is unrelated to Sofwave’s collection of consumer health data from you, and we encourage you to view those third parties’ privacy notices for more information about their processing of consumer health data and the methods they provide to allow you to opt out of such processing.

17.Updates to This Consumer Health Data Privacy Notice

We may update this Consumer Health Data Privacy Notice from time to time in our sole discretion. If we do, we’ll let you know by posting the updated Consumer Health Data Privacy Notice on our website, and/or we may also send other communications.

ANNEX C

Consumer Health Data Authorization

This Consumer Health Data Privacy Authorization (“Authorization”) supplements the Sofwave (“Sofwave”, “we,” “us,” or “our”) Privacy Notice, Supplemental Consumer Health Data Privacy Notice, and the https://sofwave.com/ cookie banner and applies only to “consumer health data” subject to the Connecticut Data Privacy Act, as amended (“CTDPA”), Washington My Health My Data Act (“MHMDA”), Nevada Consumer Health Data Privacy Law (“NVCHDPL”), or other states with consumer health data privacy laws (as applicable).

Terms used in this Authorization defined in CTDPA, MHMDA, NVCHDPL, or other applicable state consumer health data privacy laws will have the meaning set forth in those laws to the extent such laws are applicable.

If you opt-in to “personalized marketing” through the https://sofwave.com/ cookie banner, you allow us to “sell” your consumer health data as described below:

  • Specific consumer health data intended for “sale”:  Consumer health data collected via cookies and similar technologies including but not limited to browsing activity on our website.

  • Purpose of the “sale” of consumer health data:  To tailor and deliver personalized advertisements to you.

  • How consumer health data purchasers gather and use the data: Consumer health data purchasers will gather the data via cookies and other tracking technologies when you visit https://sofwave.com/. These purchasers may use the data to assist us to deliver personalized advertisements to you and in accordance with their privacy policies linked below.

  • Consumer health data purchasers’ contact information:

Please note:

  • The provision of goods or services may not be conditioned upon you accepting the terms of this Authorization.

  • Purchasers may redisclose the consumer health data sold under this authorization and such data may no longer be protected by the CTDPA, MHMDA, NVCHDPL, and/or applicable state consumer health data privacy laws.

  • You may revoke this authorization at any time through the https://sofwave.com/ cookie banner To do so, please be sure the box next to “Personalize marketing” is unchecked and click “Save my choices.” you may also click “Decline all” to decline our use of all cookies not required to operate our website.

    • A revocation will not impact previously sold consumer health data. In addition, if you use different browsers or devices, you must indicate your choices on each browser/device used to access https://sofwave.com/.

If you have any questions about how to revoke your authorization, please contact: privacy.policy@sofwave.com

  • This authorization will expire one (1) year after accepting it.

This version was last updated on October 9, 2025.