Privacy Policy

Last Updated: April 2024

INTRODUCTION AND SCOPE

Pi Health is committed to respecting and protecting the privacy of your personal information.

The data controller of your personal information (i.e. the entity that determines how your personal information is used) under this Privacy Policy is Pi Health Inc., with its business address at 55 Cambridge Parkway, Suite 700w, Cambridge, MA 02142, unless:

  • a different entity was identified in other privacy policies or information notices;

  • your healthcare provider is using Pi Health technology in their practice, in which case your provider is the data controller; or

  • you are interacting with or providing services to another Pi Health entity.

In those instances, the other entity that was identified or you are interacting with or providing services to will be the controller.

This Privacy Policy is directed at

  • visitors and users of Pi Health’s websites, products and services (excluding participants in a clinical trial or other research*), individuals within our former, current and prospective clients, partners, vendors, consultants, contractors, service providers and any members of the general public who communicate with us, who provide Pi Health Inc. and/or its subsidiary companies (“Pi Health”, “we”, “us”, “our”) with personal information and/or whose personal data we receive.

    *- If you are a participant in a Pi Health sponsored clinical trial or other research and have questions about how your personal data is handled or your rights in relation to that research, please see the copy of the Patient Information Sheet And Informed Consent Form that you received.

This Privacy Policy describes how Pi Health uses the personal information we collect about you and how to exercise your rights.

As you read this Privacy Policy, please keep in mind the following important information about how this Privacy Policy applies:

  1. This Privacy Policy contains specific sections that may not be applicable to you because of where you are located or the type of personal information we maintain about you.

  2. This Privacy Policy may be complemented or supplanted by other privacy policies or information notices that tell you how your personal information is used and disclosed in certain other contexts. To the extent that those policies or notices are provided, posted and/or referenced, that different privacy policy or notice, and not this one, will apply to the processing of your personal information.

  3. Our websites, web portals, or other digital services (together, our “websites”) may contain links to third-party websites that we do not operate, control or endorse. Once you leave our websites, we are not responsible for the protection and privacy of any information you provide. We suggest reading the privacy policies of these third-party websites and, if needed, contacting those websites directly for information about their privacy practices.

CATEGORIES OF PERSONAL INFORMATION PROCESSED BY PI HEALTH

We may collect and use your personal information in a variety of contexts, including but not limited to when you participate in Pi Health research, take our drugs or therapies, or visit our websites or offices. Depending on your relationship or interactions with Pi Health, in the past twelve (12) months, Pi Health may have collected and processed any of the following categories of personal information about you:

Categories Examples Recipients

Identification information

First name, last name, initials, gender, age or date of birth, government-issued identification (e.g. identity card, driver’s license, passport or tax ID number), photographs, videos, sound recordings, language, or Pi Health-issued access cards and IT credentials.

  • Companies of the Pi Health group;

  • Pi Health service providers;

  • Pi Health technology and security providers;

  • Pi Health business partners and collaborators;

  • Administrative, regulatory or judiciary authorities;

  • Advisors; and

  • Other third parties.

Contact details

Postal and/or email address, or phone number

  • Companies of the Pi Health group;

  • Pi Health service providers;

  • Pi Health technology and security providers;

  • Pi Health business partners and collaborators;

  • Administrative, regulatory or judiciary authorities;

Commercial information

Records of Pi Health’s products or services prescribed, purchased, obtained or considered, payment information (amount invoiced and/or paid, bank details, W9 information, payment method, billing address), or history of our relationship

  • Companies of the Pi Health group;

  • Pi Health service providers;

  • Pi Health technology and security providers;

  • Pi Health business partners and collaborators;

  • Administrative, regulatory or judiciary authorities;

Professional information

Job title, employment status, educational information, professional qualifications and licenses, or work experience and professional networks, affiliates, programs and activities

  • Companies of the Pi Health group;

  • Pi Health service providers;

  • Pi Health technology and security providers;

  • Pi Health business partners and collaborators;

  • Administrative, regulatory or judiciary authorities;

Health, biometric and genetic information

Information about your medical conditions, treatments and any adverse events you may experience while taking our drugs or therapies

  • Companies of the Pi Health group;

  • Pi Health service providers;

  • Pi Health technology and security providers;

  • Pi Health business partners and collaborators;

  • Administrative, regulatory or judiciary authorities;

Geolocation

Geolocation information obtained from your device’s GPS, Bluetooth, IP address, or other location services/technology

  • Companies of the Pi Health group;

  • Pi Health service providers;

  • Pi Health technology and security providers;

  • Pi Health business partners and collaborators;

  • Administrative, regulatory or judiciary authorities;

Information related to your exchanges with Pi Health

Date and subject of your requests or exchanges with Pi Health’s services

  • Companies of the Pi Health group;

  • Pi Health service providers;

  • Pi Health technology and security providers;

  • Pi Health business partners and collaborators;

  • Administrative, regulatory or judiciary authorities;

Others

Other information needed for our relationship or interactions with you or as required by laws, our service providers or collaborators, such as the information you provide in connection with contracts and queries you make to us.

  • Companies of the Pi Health group;

  • Pi Health service providers;

  • Pi Health technology and security providers;

  • Pi Health business partners and collaborators;

  • Administrative, regulatory or judiciary authorities;

The potential recipients are further described in the SHARING YOUR PERSONAL INFORMATION section of this Policy.

Certain information (such as, if applicable, your payment-related information, government-issued identification, geolocation information, health, biometric and genetic information) may be considered sensitive personal information under applicable laws. We will:

  • take appropriate measures to protect and process your sensitive personal information; and

  • provide notices and/or obtain your explicit consent for processing your sensitive personal information where required by applicable laws.

Furthermore, our websites may automatically collect the following information through cookies and other data collection technologies:

Categories Examples Purposes Recipients

Internet or other electronic network activity information

IP address, device type, browser type, language, browsing history, information about your interaction with our websites and their services

This information is necessary for the proper functioning of our websites and their services, as well as internal business analytics purposes such as audience measurement. For more information on the cookies and other data collection technologies, please read the Cookies Policy below.

Companies of the Pi Health group, service and security providers, official authorities, advisors and other third parties, as further described in the SHARING YOUR PERSONAL INFORMATION section of this Policy

 

The provision of certain types of personal information may be necessary or optional. Mandatory information will be marked as such at the moment of collection of your personal information. If you refuse to provide the mandatory information, Pi Health may not be able to process your request.

SOURCES OF INFORMATION

In most cases, we collect your personal information directly from you, such as when you contact us via phone or in person, complete a form or survey, provide services, register for an account or request to receive marketing materials and information.

Sometimes, we may also obtain personal information about you from other sources who you direct or authorize to share information with us, such as authorized representatives or affiliated organizations, our research partners, collaborators and service providers. We also sometimes collect information from publicly accessible sources such as government records, websites, social media and other digital platforms.

In addition, if you use our websites, we may collect information from your computer or other device through our use of cookies and other data collection technologies. For more information on cookies and other data collection technologies, please read the Cookies Policy applicable to the website you are accessing.

WHY WE PROCESS YOUR PERSONAL INFORMATION

The ways we process your personal information depend on why we collected it. Depending on your relationship and/or interactions with Pi Health, as well as applicable laws and our own procedures and requirements, Pi Health may process your personal information for the following reasons:

Purposes Examples of use of your personal data Typical justifications/grounds

Managing your contact requests

  • to contact you

  • to answer your questions

Legitimate interest of Pi Health to manage its contact requests

Managing the personal and contractual relationship with you

  • to develop or manage our relationship or interactions with you or your employer or affiliated organization

  • to comply with our contractual and payment obligations

  • to process your privacy and other requests or complaints

Depending on your relationship with Pi Health:

  • to take steps prior to entering into an agreement

or

  • performance of the relevant agreement

or

  • comply with Legal and regulatory obligations to which Pi Health is subject

Improving the products, services and programs of Pi Health

  • to determine eligibility for, facilitate supply, administration and management of,

  • to track progress and outcomes regarding certain products, services and programs

  • to manage Pi Health’s research and development, collaboration and market research efforts

Legitimate interest of Pi Health to improve its products, services and programs

Sending communication that might interest you

to send you transactional, administrative and marketing communications regarding Pi Health business and medical activities (including products, services, programs and events of Pi Health). You can opt-out of these communications by the methods described in the YOUR CHOICES AND RIGHTS Section of this policy.

Legitimate interest of Pi Health to develop its business activities (with your consent, if required by applicable law)

Providing educational and awareness information

to provide you educational information, including providing information about certain health conditions and disease states, our products, programs and services

Legitimate interest of Pi Health to enhance the education and awareness about health conditions and disease states

Managing Pi Health’s events or programs

  • to register you

  • to manage the event or program depending on the participants

  • to send you communications about the event or program, if applicable

  • to record Pi Health’s events or programs

Legitimate interest of Pi Health to develop its business activities (with your consent, if required by applicable law)

Improving the websites and their services, as well as your user experience on the websites

  • to evaluate and improve the websites and their services e.g. to track the popularity of certain pages of the websites, the success of our email notifications, traffic levels on the websites and other usage data

  • to take steps designed to protect and enhance the security of the websites

Legitimate interest of Pi Health to improve the Sites and their services, as well as your user experience on the Sites, and with your consent to the extent required by applicable law

Pre-litigation or litigation management

  • to take action against any identified breach

  • to manage any dispute or litigation

Legitimate interest of Pi Health in defending its rights and interests

Compliance with legal and regulatory obligations

  • to comply with legal and regulatory obligations (e.g., in connection with regulatory submissions or complying with regulatory obligations relating to drug development, patient safety and transparency reporting, and for monitoring, investigating and enforcing compliance with our policies and legal and regulatory requirements)

  • to process your requests to exercise your rights

Legal and regulatory obligations to which Pi Health is subject

Aggregating and/or anonymizing personal information

  • to generate other data for our use, which we may use and disclose for any purpose, as it no longer identifies you or any other individual

Legitimate interest of Pi Health

Other

  • for other everyday business purposes such as payment processing and accounting, product development, safeguarding Pi Health property, contract management, archiving, website administration, fulfillment, analytics, fraud prevention and corporate governance, the potential sale or merger of some or all of the company, reporting and legal compliance.

Legitimate interest of Pi Health, legal and regulatory obligations to which Pi Health is subject, or to manage our contractual relationship with you

We do not undertake decisions based solely on automated processing of your information, including profiling, unless we inform you as required by applicable laws.

SHARING YOUR PERSONAL INFORMATION

We may share your personal information within Pi Health and with third parties with whom we have contracted or as otherwise permitted by applicable law. The type of information we share, our purposes for sharing it and the contractual measures we implement depend on the role of the third party. We do not, however, sell the personal information that we collect unless the personal information has first been anonymized.

Recipients Purposes

Companies of the Pi Health group (Pi Health Inc. and/or its subsidiary companies) and its duly authorized employees


Pi Health Subsidiaries:

  • Pi Health USA, LLC - USA
  • Pi Health Brasil Consultoria Ltda. - Brazil
  • B10 Health Technologies Private Limited - India
  • Pi Health Technologies Private Limited - India
  • Pi Health Aus Pty Ltd - Australia
  • Pi Health Hong Kong Limited - Hong Kong, China
  • Pi Health (Shanghai) Health Technology Co., Ltd. (formation pending) - China

For the purposes set forth in this Privacy Policy, including the global administrative, operational, technical and/or marketing purposes in the context of Pi Health worldwide and/or global business and medical activities

Pi Health service providers (payment vendors, contract research organizations, central labs, logistics providers, etc.)

For assisting Pi Health in the global administrative, operational and/or technical management of our business, including clinical trials or other research sponsored by Pi Health or one of its partners or collaborators

Pi Health business partners and collaborators (external scientists, healthcare providers, pharmacies and pharmaceutical partners distribution agents, etc.)

For administrative, operational and/or technical purposes in the context of Pi Health global business and medical activities

Pi Health technology and security providers (hosting provider, IT service providers, marketing service providers, etc.)

For assisting Pi Health in administrative, operational, technical and/or marketing purposes in the context of Pi Health global business and medical activities

Administrative, regulatory or judiciary authorities or agencies and other third parties

Exclusively to comply with any legal or regulatory obligation and/or in the cases of an express and justified request or in case of an alleged violation of legal or regulatory provisions

Advisors (such as outside auditors, attorneys and similar parties)

For assisting Pi Health in administrative, operational, and/or technical purposes in the context of Pi Health global business and medical activities, as well as the management of possible disputes and other legal matters, where appropriate.

Other third parties

Following or during a restructuring, acquisition, debt financing, merger, transfer, sale of assets of Pi Health or a similar transaction, as well as in case of insolvency, bankruptcy or receivership where personal data are transferred to one or more third parties as assets of Pi Health, subject to your information and/or consent, if applicable.

HOW LONG WE RETAIN YOUR PERSONAL INFORMATION

We retain your personal information for as long as it is necessary for the purposes set out in this Privacy Policy, unless required by our legal obligations to retain it for longer. To determine the appropriate retention period for information, we consider the amount, nature and sensitivity of information, the potential risk of harm from unauthorized use or disclosure of the information, the purposes for which we process the information, whether we can achieve those purposes through other means and all applicable global legal, regulatory, and compliance requirements.

In particular, any information collected for your subscription to an email alert or newsletter will be kept until you unsubscribe and information you provide via your requests will be kept at least until their complete processing. We will keep a record of your unsubscribe request, if any, for as long as is necessary to comply with that request.

In addition to this, Pi Health will keep your personal information during:

  • the statute of limitations, if needed for evidence purposes;

  • applicable legal retention periods, in particular regarding commercial, compliance and regulatory matters, or any other mandatory retention period (such as legal hold or investigation).

WHERE WE PROCESS YOUR INFORMATION AND HOW WE PROTECT IT

Pi Health operates in many countries around the world and your personal information may be accessible to or shared with our affiliates, service providers, partners, collaborators and regulators in various countries for the purposes specified in this Privacy Policy. The laws in certain countries may not provide the same level of protection as the laws in your country or region. When that is the case and as required by applicable laws, we take steps to protect your transferred information, such as entering into contracts with recipients of your information or implementing additional data safeguards. Additionally, in certain circumstances, courts, law enforcement agencies, regulatory agencies, or security authorities in other countries may be entitled to access your Personal Information.

While we have established reasonable physical, electronic and managerial procedures designed to protect your personal information from unauthorized access and disclosure, we cannot guarantee its absolute security. You should take special care in deciding what information you transmit, upload, send or otherwise submit to us.

INFORMATION ABOUT CHILDREN

We take seriously our obligations under applicable laws concerning the collection of information from or about children. We do not intend to direct our websites to individuals under the age of 16 (“children”) and we do not knowingly collect personal information directly from children through our websites. We request that children do not use our websites or provide any information to us through our websites or otherwise, unless we have first obtained a parent or guardian’s consent, where applicable.

YOUR CHOICES AND RIGHTS

You may choose not to provide your personal information to us; however, in doing so, you may not be able to continue your relationship or interactions with us or use certain services, e.g., patient support services.

At any time, you can choose to opt out from our marketing communications by using the unsubscribe feature in any marketing email you have received. If you unsubscribe from marketing, we may still send you email communications that are relationship or transactional in nature.

Under certain data protection laws, you may have the following rights with respect to your personal information:

  • Your right of access. You may have the right to ask us to provide clear, transparent and understandable information on how we process your personal information, as well as for copies of your personal information. There are some exemptions, which means you may not always receive all the information we process.

  • Your right to rectification. You may have the right to ask us to rectify information you think is obsolete or inaccurate and the right to ask us to complete information you think is incomplete.

  • Your right to deletion of your personal information. You may have the right to ask us to delete your personal information in certain circumstances.

  • Your right to restriction of processing. You may have the right to ask us to restrict the processing of your personal information, during a limited period of time, in certain circumstances.

  • Your right to object to processing. You may have the right to object to processing, in which case, Pi Health will no longer process your personal information unless Pi Health demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms, such as compliance with a legal obligation or for the establishment, exercise or defense of legal claims.

  • Your right to data portability. You may have the right to ask that we transfer the information you gave us from one organization to another or give it to you.

  • Right to withdraw your consent. If we process your personal information based on your consent, you have the right to withdraw your consent, without this withdrawal affecting the lawfulness of the processing operations previously carried out.

  • Right to close your account. If you receive our services through online accounts, you have the right to close your accounts.  

Depending on your country of residence and the country where the Pi Health entity processing your personal information is established, you may have additional local rights with respect to our processing of your personal information. Please note that some of the personal information that we collect, use and disclose may be exempt from the rights outlined above.

You can submit your request by sending us an email at privacy@pihealth.ai.

We will respond to your request consistent with applicable law. Under certain circumstances, Pi Health may ask you for specific information to confirm your identity and ensure the exercise of your rights. This is a security measure to safeguard personal information. We will notify you when your request is completed, if we deny your request to exercise your rights (because, for example, an exception applies), or if there is a fee associated with processing your request.

Note that despite any requested removal of or change to your information, there may be residual information that will remain within our databases and other records, subject to applicable legal standards.

You may designate an authorized agent to exercise your rights on your behalf. In such case, we will also need to verify your agent’s identity and obtain proof of your authorization. We may need to deny a request from an agent whose identity or authorization we cannot verify.

If you believe that Pi Health has processed information in a manner that is unlawful or breaches your rights, or has infringed applicable laws, you may have the right to complain directly to your local data protection authority. Without limiting any rights to complain directly to an authority, we are committed to protecting personal information, and complaints may be made directly to us.

FOR EEA/UK/SWISS/BRAZILIAN RESIDENTS: You may lodge a complaint with a data protection authority for your country or region where you have your habitual residence or place of work or where an alleged infringement of applicable data protection law occurs.

A list of EEA data protection authorities is available at:
https://ec.europa.eu/newsroom/article29/items/612080
The UK Information Commissioner’s Office’s contact details can be found at:
https://ico.org.uk/global/contact-us/
The Swiss authority is the FDPIC, at:
www.edoeb.admin.ch
The Brazilian authority is the ANPD, at:
https://www.gov.br/anpd/pt-br/canais_atendimento/cidadao-titular-de-dados/denuncia-peticao-de-titular

We will not discriminate against you for exercising any data subject right you have under applicable law.

ADDITIONAL INFORMATION FOR INDIVIDUALS IN THE EUROPEAN UNION/EUROPEAN ECONOMIC AREA, UNITED KINGDOM, SWITZERLAND, BRAZIL, AND INDIA

We are required to comply with the European Union’s and the United Kingdom’s General Data Protection Regulations (“GDPR” and “UK GDPR”), Switzerland’s Federal Act on Data Protection (“FADP”), Brazil’s General Data Protection Law (“LGPD”), India’s Digital Personal Data Protection Act (“DPDP”), and similar applicable local laws with regard to certain personal information we collect. The Pi Health entities referenced when we collect your personal information are the data controllers or data processors of your personal information, depending on the situation. Please contact us if you have any questions about the controller(s) or processor(s) of your personal information.

Sensitive data

We process special categories of information (e.g., sensitive information that reveals racial or ethnic origin or genetic, biometric and health information) only where you give us your explicit consent, or when our processing is for scientific research purposes, necessary to meet a legal or regulatory obligation, in connection with the establishment, exercise or defense of legal claims, or is otherwise expressly permitted by law.

If we need to collect your personal information by law or under the terms of a contract we have with you and you do not provide the requested information, we may not be able to perform the contract we have, or are trying to enter into, with you.

Data transfers

Pi Health is a multi-national company with a presence and personnel in the United States and other countries around the world. As such, Pi Health may transfer or provide access to your personal information to affiliates, service providers or collaborators in these countries and others that do not provide the same level of protection as your own country. When we do so, in the absence of an adequacy decision concerning the recipient country, we rely on safeguards such as approved model contracts (for example the EU’s standard contractual clauses or the UK’s international data transfer agreement), after having carried out an assessment of the level of protection of your rights on the territory of the third country where the recipient of your personal information is established. For more information about Pi Health’s use of the model contracts, please contact us.

The list of the EEA’s adequate jurisdictions is available here:
https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en
The list of the UK’s adequate jurisdictions is available here:
https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/international-transfers/international-transfers-a-guide/
And the list of Switzerland’s adequate jurisdictions is available here:
https://www.fedlex.admin.ch/eli/cc/2022/568/en#annex_1

OUR COOKIE POLICY

Cookies, pixel tags, and other trackers (hereinafter “Cookies”) are small files that allow for storing or retrieving information on your browser or your device (computer, tablet, mobile, etc.) when visiting online services. Cookies are widely used by websites, software or emails. When you first visit our websites and again if you delete the Cookies or the Cookies expire or change, you will be asked which Cookies you consent to.

Cookies do not recognize you personally, but rather the device you use. Cookies simply give information about your browsing activities so that the device can be recognized later on, in order to improve the browsing experience, save your preferences or adapt the services offered to you on the Websites. To find out more about cookies, including how to see what cookies have been set, visit www.aboutcookies.org or www.allaboutcookies.org.

We may use the following types of cookies on our websites:

  • Necessary Cookies, which enable the proper functioning of the Websites (security, facilitate browsing, display of the webpages…). You may disable these by changing your browser settings as described below. If you do so, you will still be able to navigate the Websites, but some of the Websites’ functions will be affected;

  • Analytics Cookies, which collect information about how visitors use and interact with the Websites so that we can improve the Websites;

  • The cookies collect information in a way that does not directly identify anyone, rather they collect information in an aggregated or generalized statistical form, including the number of visitors to the website and blog, where visitors have come to the website from and the pages they visited.

  • One of the analytic cookies we use is Google Analytics. Google's overview of privacy practices and data safeguards is available at: https://support.google.com/analytics/answer/6004245. To opt out of being tracked by Google Analytics across all websites, visit http://tools.google.com/dlpage/gaoptout.

  • Social Media Cookies, which enable you to interact with social plugins on the Websites and share content on social networks; and

  • Advertising Cookies, which enable the placement of advertisements, to measure their effectiveness and to adapt their content to your browsing and your profile.

Most web browsers allow some control of most cookies through the browser settings. For example, there are simple procedures in most browsers that allow you to delete existing cookies. If you want to set your computer or mobile web browser to reject all cookies by default, please visit the home page for your browser for instructions. If you reject all Cookies, you may still use our Websites; however, this may affect the functionality of some areas of our Websites.

In addition, your Internet Protocol (IP) address (an identifying number that is automatically assigned to your computer by your Internet Service Provider) is identified and logged automatically in our server log files whenever you visit the Site, along with the time(s) of your visit(s) and the page(s) that you visited. We use the IP addresses of all visitors to the Site to calculate Site usage levels, to help diagnose problems with the Site servers, and to administer the Sites. We may also use IP addresses to communicate with or block access by visitors who fail to comply with our Terms of Use.

We do not track our website users over time or across third party websites to provide targeted advertising. At this time, we do not respond to “Do Not Track” signals from your web browser due to the lack of an established industry standard. For more information about “Do Not Track” signals, please visit https://allaboutdnt.com/.

CONTACTING US

You may contact us at any time if you have questions or concerns about this Privacy Policy or our practices. Please send an email to privacy@pihealth.ai.

We will endeavor to respond to your request as soon as reasonably possible in compliance with applicable laws.

We strive to accommodate all individuals regardless of disabilities. If you need to receive the information contained in this document in a different format, please contact us at privacy@pihealth.ai.

Our global Data Protection Officer and HIPAA Chief Privacy Officer is Brandon Goldberg. He is located in Atlanta, GA, USA and can be contacted at brandon.goldberg@pihealth.ai.

CHANGES TO THIS PRIVACY POLICY

We aim to regularly update this Privacy Policy to reflect our practices. Therefore, we recommend you periodically review this Privacy Policy. The “Last Updated” legend at the top of this Privacy Policy indicates when this Privacy Policy was last revised. Any changes will become effective when we post the revised Privacy Policy on our services.