ROM Technologies, INC. User Privacy Policy

This notice describes how medical information about you may be used and disclosed in connection with your use of our web portal. Please review it carefully.

COLLECTION OF INFORMATION

We may collect the following types of information in connection with your ROM Technologies, Inc. (“ROM Tech”) account and services, including without limitation use of this web portal:

• Your name, email address, contact information, date of birth, phone number(s), and statistics generated from your rehabilitation sessions using ROM Tech devices. • Data about your ROM Tech device, including your device ID, IP address, cookies, web beacons, browser type, operating system, cross-device matching data, and similar data, including without limitation metadata or data used for analytics purposes • Information about when your ROM Tech account was registered, modified or terminated, and dates/times of logins and logouts

• Any permissions and authorizations you have provided related to your ROM Tech account including without limitation the identity of and other information concerning other individuals to whom you have given access to your account

• Information about and related to any services or third party platforms you use or access through your ROM Tech account, including frequency of access, types of use, features or functionality used, client accounts accessed, etc.

• Security related information, such as your credentials which include but are not limited to username and password, number of failed login attempts, timeouts, past passwords, security questions for identity or account validation, number and frequency of username or password resets, permissions and authorizations for our services and those of third party platforms, and geolocational information.

In addition, we may collect other information as permitted under applicable law. We may also share information regarding your ROM Tech account and services as follows:

• Within ROM Tech, including with employees, contractors, agents, and service providers, and with other third parties we use to support our business or services and who are bound by contractual obligation to keep information confidential and use it only for the purposes for which we disclose it to them;

• To protect our rights and property and the rights and property of our clients and others, including to enforce agreements, policies and terms of use;

• To comply with applicable laws and regulations;

• To respond to lawful requests, regulatory enquiries, investigations and legal process; • To protect the safety of any person;

• With third parties other than as set out above and only with your consent;

• In connection with, or during the consideration, negotiation, or consummation of any merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding.

In addition, we may share information as permitted under applicable law.

COOKIES

We use cookies to authenticate users, block malicious use of login credentials, and shield unauthorized access to ROM Tech properties and services. We also developed and use cookies to collect information on ROM Tech and our services in order to understand and improve our services and the manner in which they are provided. These cookies also help us learn how well ROM Tech and our services operate across different locations and identify any issues in the operation and provision of our services.

Third-Party Cookies

We also permit the setting of third-party cookies. These assist us in measuring and understanding how our products are used and how they can be optimized. We may also receive other analytics information from these third parties.

Most internet browsers accept cookies by default. You can block cookies by activating the setting on your browser that allows you to reject all or some cookies. The help and support area on your internet browser should have instructions on how to block or delete cookies. Some web browsers (including some mobile web browsers) provide settings that allow you to control or reject cookies or to alert you to when a cookie is placed on your computer, tablet or mobile device. Your ROM Tech account also may not recognize if your browser sends a “do not track” signal or similar mechanism to indicate you do not wish to be tracked or receive interest-based ads.

For more information, visit the help page for your web browser

DATA RETENTION

To the extent permitted by applicable law and any applicable client agreements, we may retain your information for as long as needed to comply with our legal obligations (which obligations include those to you, our clients, or to any third parties including regulatory and related authorities), to resolve disputes, to enforce our legal rights, policies, terms and agreements, for analytic purposes, for security purposes, or for as long as is reasonably necessary for other lawful purposes.

SECURITY OF INFORMATION

Security is of the utmost importance for ROM Tech. ROM Tech uses technical and physical safeguards to protect the security of your information from unauthorized disclosure. However, security cannot be guaranteed against all threats.

You may not assign or transfer your ROM Tech account or share your ROM Tech login, password, or any other credentials with any other person without our consent. Please notify us immediately if you believe the security of your ROM Tech account may have been compromised.

NOTICE REGARDING CHILDREN AND MINORS

ROM Tech recognizes the importance of protecting the privacy and safety of children. ROM Tech accounts are not intended for users under the age of sixteen (16) years old, and such users are not authorized to have ROM Tech accounts. If you believe we have collected data from a user under sixteen (16) years old without the consent of their parent or legal guardian, please let us know immediately by contacting us as indicated below and provide sufficient information so we can act appropriately on your request.

TELEPHONE CONSUMER PROTECTION ACT (TCPA) NOTICE

In connection with your ROM Tech account, we may need to send business, informational, support and security related messages (whether texts, alerts or calls) to all telephone numbers, including cellular numbers or mobile devices, you choose to provide on your ROM Tech account, including on the ROM Tech device itself. You agree such texts or calls may be pre recorded messages or placed with an automatic telephone dialing system. In addition, you agree that ROM Tech may send service or account related text messages to cellular phone numbers you provide to ROM Tech, and you agree to accept and pay all carrier message and data rates that apply to such text messages. If you choose to provide an e-mail or other electronic address on your ROM Tech account, you acknowledge and consent to receive business and informational messages relating to your ROM Tech account at the address, and you represent and warrant that such address is your correct address and is not accessible or viewable by any other person.

DISPUTES

Unless otherwise required by applicable law, or otherwise specified in other ROM Tech terms applicable to the specific Services you are accessing or using through your ROM TECH account (and then only to the extent that the dispute relates solely to such specific Services), you agree that all provisions regarding disputes set forth in our terms of use also apply to any disputes related to this ROM Tech User Privacy Policy, including without limitation, choice of law, forum, service of process, mediation or arbitration, waiver of rights to trial by jury and agreement not to assert any claims in a consolidated or class action.

YOUR RIGHTS

When it comes to your health information, you have certain rights. This section explains your rights and some of our responsibilities to help you.

Get an electronic or paper copy of your medical record

• You can ask to see or get an electronic or paper copy of your medical record and other health information we have about you. Ask us how by e-mailing [email protected]

• We will provide a copy or a summary of your health information, usually within 10 business days of your request. We may charge a reasonable, cost-based fee.

Ask us to correct your personal or medical record

• You can ask us to correct personal or health information about you that is incorrect or incomplete. This will not apply to any notes made by your health care providers or other similar information, but does apply to fact-based metrics such as your date of birth, gender, or marital status. Ask us how by e-mailing [email protected]

Request confidential communications

• You can ask us to contact you in a specific way (for example, home or office phone) or to send mail to a different address.

Ask us to limit what we use or share

• You can ask us not to use or share certain health information for treatment, payment, or our operations. We are not required to agree to your request, and we may say “no” if it would negatively affect your care.

• If you pay for a service or health care item out-of-pocket in full, you can ask us not to share that information for the purpose of payment or our operations with your health insurer. We will say “yes” unless a law requires us to share that information.

Get a list of those with whom we’ve shared information

• You are entitled upon request to a list (accounting) of the times we’ve shared your health information for six years prior to the date you ask, who we shared it with, and why. • We will include all the disclosures except for those about treatment, payment, and health care operations, and certain other disclosures (such as any you asked us to make). We’ll provide one accounting a year for free but will charge a reasonable, cost-based fee if you ask for another accounting within 12 months.

Get a copy of this privacy notice

You can ask for a paper copy of this notice at any time, even if you have agreed to receive the notice electronically. We will provide you with a paper copy promptly.

Choose someone to act for you

• If you have given someone medical power of attorney or if someone is your legal guardian, that person can exercise your rights and make choices about your health information.

• We will make sure the person has this authority and can act for you before we take any action.

File a complaint if you feel your rights are violated

• You can lodge a complaint with us if you feel we have violated your rights in any way. Please see information on Page 1 regarding how to contact us.

• You can also file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights by sending a letter to:

200 Independence Avenue, S.W., Washington,
D.C. 20201, calling 1-877-696-6775, or visiting
www.hhs.gov/ocr/privacy/hipaa/complaints/.

YOUR CHOICES

For certain health information, you can tell us your choices about what we share. If you have a clear preference for how we share your information in the situations described below, talk to us. Tell us what you want us to do, and we will follow your instructions.

In these cases, you have both the right and choice to tell us to:

• Share information with your family, close friends, or others involved in your care • Share information in a disaster relief situation

If you are not able to tell us your preference, for example if you are unconscious, we may choose to share your information if we reasonably believe it is in your best interest. We may also share your information when needed to lessen a serious and imminent threat to your health or safety.

We never share your information for the following purposes (unless you give us written permission, which we will not solicit):

• Marketing purposes

• Sale of your information

OUR USES AND DISCLOSURES

How do we typically use or share your health information?

We typically use or share your health information in the following ways.

In the Course of Your Treatment

We may share your health information with health care professionals who are treating you.

In the delivery of our services

We may use and share your health information to deliver our services to you, to improve the delivery of your care by your health care professionals, and to contact you when necessary.

Billing and payment for your ROM Tech services

We may use and share your health information to bill and get payment from health plans or other entities.

How else can we use or share your health information?

We are allowed or required in some circumstances to share your information in other ways that most often contribute to the public good, such as public health and research. However, we have to meet many legal conditions before we can share your information for these purposes. For more information visit: www.hhs.gov/ocr/privacy/hipaa/understanding/consumers/index.html.

Help with public health and safety issues

We can share health information about you for certain situations such as:

• Preventing disease

• Helping with product recalls

• Reporting suspected abuse, neglect, or domestic violence

• Preventing or reducing a serious threat to anyone’s health or safety

Comply with the law

We will share information about you if state or federal laws require it, including with the Department of Health and Human Services and any applicable state or local health department. Address workers’ compensation, law enforcement, and other government requests. We can use or share health information about you:

• For workers’ compensation claims

• For law enforcement purposes or in response to a valid legal mandate • With health oversight agencies for activities authorized by law

Respond to Subpoenas, Court Orders, and Other Legal Actions

We can share health information about you in response to a court or administrative order, or in response to a subpoena.

OUR RESPONSIBILITIES

• We are required by law to maintain the privacy and security of your protected health information.

• We will let you know promptly if a breach occurs that may have compromised the privacy or security of your information.

• We must follow the duties and privacy practices described in this notice and give you a copy of it in writing if you so request.

• We will not use or share your information other than as described here unless you give us written permission. If you give us such permission, you may withdraw it at any time. You must advise us know in writing if you wish to revoke any previously given permission.

For more information regarding this privacy notice and your rights as a consumer of ROM Tech services,visit: www.hhs.gov/ocr/privacy/hipaa/understanding/consumers/noticepp.html.

Changes to the Terms of this Notice

We reserve the right to change and/or update the terms of this notice at any time and without advance notice to you, and all such changes will apply to all information we have about you and we will update our website promptly upon any such changes or updates.

CONTACT

If you have any questions about this ROM Tech User Privacy Policy or any other aspects of your privacy rights with respect to ROM Tech, please contact us at:

ROM Technologies, Inc.
101 Silvermine Road
Brookfield, Connecticut 06804
Attention: Legal Department

By email: [email protected]

By Phone: 1-888-374-0855

Cookie Policy

Like many other websites, we use cookies on this Site. A cookie is a small removable data file that is stored by the web browser on your computer that identifies your computer and browser when you visit ROMTech.com. We do not use cookies to collect Personal Information but rather to improve the quality of this Site.

Most web browsers are initially set up to accept cookies. You have the option to reset your web browser to refuse all cookies or to indicate when a cookie is being sent. Please note, however, that certain features of the Site may not function if you delete or disable cookies.

THIS SITE’S COOKIES DO NOT AND CANNOT INFILTRATE A VISITOR´S HARD DRIVE TO COLLECT ANY INFORMATION STORED ON THE HARD DRIVE.

Third Party Advertising Cookies

ROMTech.com may from time to time promote products or services through third party websites. Some of these third parties generate their own cookies in order to track how many visitors to this Site have seen their advertisement and to record how many people have seen it more than once.

Third party advertising cookies can are used for statistical purposes, for example, in providing you with future advertising that is more relevant to your interests.

We have no control over third party advertising cookies, but assure you that they cannot be used to identify an individual visitor. The only data that will be collected by these cookies is that the visitor has arrived on the third party´s site having previously visited the ROMTech.com website.

CALIFORNIA PRIVACY RIGHTS NOTICE

This Privacy Notice for California Residents supplements the information contained in above included Privacy Policy and applies solely to all visitors, users, and others who reside in the State of California (“consumers” or “you”). We adopt this notice to comply with the California Consumer Privacy Act of 2018 (CCPA) and any terms defined in the CCPA have the same meaning when used in this Notice.

Where noted in this Notice, the CCPA temporarily exempts personal information reflecting a written or verbal business-to-business communication (“B2B personal information”) from some its requirements.

Information We Collect

We collect information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household, or device (“personal information”). Personal information does not include:

Publicly available information from government records.
De-identified or aggregated consumer information
Information excluded from the CCPA’s scope, like:

Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data.

In particular, we have collected the following categories of personal information from consumers within the last twelve (12) months:

Category	Examples	Collected
A. Identifiers.	A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers.	YES
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).	A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories.	YES
C. Protected classification characteristics under California or federal law.	Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).	YES
D. Commercial information.	Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.	YES
E. Biometric information.	Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.	YES
F. Internet or other similar network activity.	Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.	NO
G. Geolocation data.	Physical location or movements.	YES
H. Sensory data.	Audio, electronic, visual, thermal, olfactory, or similar information.	YES
I. Professional or employment-related information.	Current or past job history or performance evaluations.	NO
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).	Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.	NO
K. Inferences drawn from other personal information.	Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.	YES

We obtain the categories of personal information listed above either directly from you (e.g., from your use of the Services) or indirectly from you (e.g., observing your actions on our website or through our devices), as further described above.

Use of Personal Information

We may use, or disclose the personal information we collect for one or more of the following purposes:

To fulfill or meet the reason you provided the information. For example, providing ROM Tech products or services to you or responding to questions about ROM Tech products or services.
To provide, support, personalize, and develop ROM Tech web properties, products and services.
To create, maintain, customize, and secure your account with us.
To process your requests, purchases, transactions, and payments and prevent transactional fraud.
To provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses.
To personalize your website and services experience and to deliver content and product and service offerings relevant to your interests via email or text message with your consent, where required by law.
To help maintain the safety, security, and integrity of ROM Tech, our website, products and services, databases and other technology assets, and business.
For testing, research, analysis, and product development, including to develop and improve the ROM Tech website, products, and services.
To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
As described to you when collecting your personal information or as otherwise set forth in the CCPA.
To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us about our users is among the assets transferred.

We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.

Sharing Personal Information

We share your personal information with the following categories of third parties:

Service providers.
Third Parties that you consent to or direct us to share your information with.

Disclosures of Personal Information for a Business Purpose

We may disclose the following categories of personal information for a business purpose:

Category A: Identifiers.
Category B: California Customer Records personal information categories.
Category C: Protected classification characteristics under California or federal law.
Category D: Commercial information.
Category E. Biometric information.
Category F: Internet or other similar network activity.
Category G: Geolocation data.
Category H: Sensory Data.
Category K: Inferences drawn from other personal information.

We disclose your personal information for a business purpose to the following categories of third parties:

Service providers.
Third parties that you consent to or direct us to share your information with.

Your Rights and Choices

The CCPA provides consumers (California residents) with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.

Access to Specific Information and Data Portability Rights

You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request (see Exercising Access, Data Portability, and Deletion Rights), we will disclose to you:

The categories of personal information we collected about you.
The categories of sources for the personal information we collected about you.
Our business or commercial purpose for collecting or selling that personal information.
The categories of third parties with whom we share that personal information.
The specific pieces of personal information we collected about you (also called a data portability request).
If we disclosed your personal information for a business purpose, a list disclosing:

Disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.

We do not provide these access and data portability rights for B2B personal information.

Deletion Request Rights

You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request (see Exercising Access, Data Portability, and Deletion Rights, below), we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.

We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:

Complete the transaction for which we collected the personal information, provide a service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our services.
Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
Debug products to identify and repair errors that impair existing intended functionality.
Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
Comply with a legal obligation.
Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
We do not provide these deletion rights for B2B personal information.

Exercising Access, Data Portability, and Deletion Rights

To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by contacting us per the instructions above (“Contact”).

Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child. To designate an authorized agent, please call the phone number referenced above.

You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:

Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative, which may include:
Name, address, date of birth, user names (where applicable) and email address. We may use this information to surface a series of security/quiz questions to you to verify your identity.
Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

For Access, Data Portability, or Deletion Requests, we cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.

Response Timing and Format

We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time, we will inform you of the reason and extension period in writing.

Any disclosures we provide will cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable.

Non-Discrimination

We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:

Deny you goods or services.
Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
Provide you a different level or quality of goods or services.
Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

Other California Privacy Rights

California’s “Shine the Light” law (Civil Code Section § 1798.83) permits users of ROM Tech’s products or services that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, contact us as described above, under “Contact”.

Changes to Our Privacy Notice

We reserve the right to amend this privacy notice at our discretion and at any time. When we make changes to this privacy notice, we will post the updated notice on the website and update the notice’s effective date. Your continued use of our website following the posting of changes constitutes your acceptance of such changes.

How to send us your feedback

Our goal is to respect your privacy and we encourage user feedback to help us improve our privacy policies. If you have any questions or suggestions about this privacy statement or our processing of your personal information, please contact us as described above under “Contact”.