EHE International respects individuals’ privacy, and strives to collect, use and disclose personalinformation in a manner consistent with the laws of the countries in which it and its subsidiaries do business.

This Privacy Shield Privacy Policy (the “Policy”) describes the privacy principles as follows with respect to certain personal information transmitted to EHE International in the United States of America (the “U.S.”) from countries located within the European Economic Area and Switzerland.

Privacy Shield Overview

The U.S. Department of Commerce and the European Commission as well as the Swiss Federal Council have agreed on a set of data protection principles and associated supplemental principles to enable U.S. companies to satisfy European Union (“EU”) and Swiss law requiring that Personal Data transferred from the EU and/ or Switzerland to the U.S. be adequately protected (the “EU-U.S. Privacy Shield” and the “Swiss-U.S

The European Economic Area (the “EEA”), which as of the date of this Policy includes all member states of the EU and Iceland, Liechtenstein and Norway, and Switzerland have recognized the Privacy Shield as providing adequate protection of Personal Data.

Consistent with its commitment to protect personal privacy, EHE International has decided to voluntarily adhere to the principles set forth in the Privacy Shield (the “Privacy Shield Principles”). As such, EHE International has certified its compliance with the Privacy Shield Principles with the U.S. Department of Commerce.

For more information about the Privacy Shield Principles or to access EHE International's certification statement, please go to https://privacyshield.gov.

Should there be any conflict between the Privacy Shield Principles and this Policy, this Policy shall be interpreted to be consistent with the Privacy Shield Principles.

Notice

Where EHE International collects Personal Data directly from individuals in the EEA and/ or Switzerland or receives it from its European or Swiss affiliates, it or its European or Swiss affiliates will inform those individuals about the purposes for which they collect and use Personal Data about them; the transfer of Personal Data to EHE International in the U.S., the types or identity of third parties to which EHE International discloses that information and the purposes for which it does so; and the choices and means EHE International offers individuals for limiting the use and disclosure of their Personal Data. Notice will be provided in clear and conspicuous language when individuals are first asked to provide Personal Data to EHE International, or as soon as practicable thereafter, and in any event before EHE International uses the information for a purpose other than that for which it was originally collected.

The information that we obtain comes either directly from you or from your Sponsor. Your Sponsor (e.g. your employer) may provide us with your personal information to identify you as an eligible EHE member. EHE respects the right to privacy for all patients who enter our facilities and all visitors who come to our website. At no time will we collect information that would personally identify you unless you choose to provide it. Any personal information that you submit, such as for appointment requests, is only shared with the appropriate people of the organization who need this information to respond to your request. Information submitted through our website may be collected to ensure technical functionality or to address any inappropriate use of ourwebsite or services.

To store information in EHEandME, you will need an account with EHEandME.EHEandME’s servers automatically record log information about your use of EHEandME (such as number of sign–ins and number of times a link was clicked).

EHEandME may aggregate data to publish trend statistics and associations.The information that we collect about you may also be used for:

Choice

EHE International will offer individuals in the EEA or Switzerland the opportunity to choose (by either opt-out or opt-in) if their Personal Data is (a) to be disclosed to a third party that is not an Agent, or (b) to be used for a purpose materially different from the purpose for which it was originally collected or subsequently authorized by the individual. For Sensitive Personal Data, EHE International will give individuals the opportunity to affirmatively and explicitly consent (opt-in) to permit EHE International to (a) disclose their Sensitive Personal Data to a third party that is not an Agent or (b) use Sensitive Personal Data for a purpose materially different from the purpose for which it was originally collected or subsequently authorized by the individual. EHE International will provide individuals with reasonable, clear and conspicuous and readily available mechanisms to exercise these choices.

Accountability for Onward Transfer

In the event EHE International discloses Personal Data covered by this Policy to a non-agent third party, it will do so consistent with any notice provided to Data Subjects and any choice they have exercised regarding processing and disclosure. EHE International will only disclose Personal Data to third parties that have given us contractual assurances that they will provide at least the same level of privacy protection as is required by this Policy and the Principles and that they will process Personal Data for limited and specific purposes consistent with any consent provided by the individual. If EHE International has knowledge that a third party to which it has disclosed Personal Data covered by this Policy is processing such Personal Data in a way that is contrary to this Policy and/or the Principles, EHE International will take steps to prevent or stop such processing. In such case, the third party is liable for damages unless it is proven that EHE International is responsible for the event giving rise to the violation.

Security

EHE International maintains reasonable and appropriate security measures to protect EEA Personal Data from loss, misuse, unauthorized access, disclosure, alteration, or destruction in accordance with the Privacy ShieldPrivacy Shield. We employ industry standard administrative, physical, and technical measures designed to safeguard and protect information under our controlled authorized access, use, and disclosure.

Data Integrity

EHE International will use Personal Data only in ways that are compatible with the purposes for which it was originally collected or as subsequently authorized by the individual. EHE International will also take reasonable steps to ensure that Personal Data is relevant to its intended use, accurate, complete, and current. EHE International will adhere to the Privacy Shield Principles for as long it retains Personal Information received under its Privacy Shield certification.

Access

You may have the right to access the EEA Personal Data that we hold about you and to request that we correct, amend, or delete it if it is inaccurate or processed in violation of the Privacy ShieldPrivacy Shield. Only physicians and/or health care providers can upload data onto your Online Medical Record on the Web Site. If there is an omission, error, orissue with the data in your Online Medical Record, immediately contact your physician and health care professionals. Under certain circumstances, we may be required to disclose your EEA Personal Data in response to valid requests by public authorities, including to meet national security or law enforcement requirements.

Recourse, Enforcement and Liability

EHE International has mechanisms in place designed to effect compliance with the Privacy Shield Principles. EHE International conducts an annual self-assessment of its Employee and Consumer Personal Data practices to verify that the attestations and assertions EHE International makes about its Privacy Shield privacy practices are true and that EHE International’s privacy practices have been implemented as represented and in accordance with the Privacy Shield Principles.

Contact Information

EHE International has mechanisms in place designed to effect compliance with the Privacy Shield Principles. EHE International conducts an annual self-assessment of its Employee and Consumer Personal Data practices to verify that the attestations and assertions EHE International makes about its Privacy Shield privacy practices are true and that EHE International’s privacy practices have been implemented as represented and in accordance with the Privacy Shield Principles.

Contact Information

If you feel that we are not abiding by this privacy policy, you should contact us immediately via telephone at 212.332.2397 or by written notice to:

EHE International
Privacy & Security Officer
10 Rockefeller Plaza, 4th Floor
New York, NY 10020

Changes to Policy

This Policy may be amended from time to time, consistent with the requirements of the Privacy Shield Principles. Appropriate public notice will be given concerning such amendments.

Effective Date

This Policy is effective as of: May 25, 2018