Vitals recognizes that Your privacy and the protection of Your Personal Information is important to you, and therefore, has adopted this Vitals^SM privacy policy. This Vitals^SM privacy policy describes our privacy practices and how we treat the Personal Information that we collect from You when You use products and services of Vitals, including any Personal Information we collected from You when You created Your Vitals^SM account. The Vitals^SM privacy policy applies to all of the products, services, and websites offered by Vitals or our related, affiliated and/or subsidiary companies (collectively, the "Products and Services").

For the purposes of this Vitals^SM privacy policy, "Personal Information" is information that (i) You provide to Vitals and (ii) personally identifies You. Such information includes your name, email or other address, billing information or other data that can be reasonably linked by Vitals to personally identify You. The Personal information may also include "Sensitive Personal Information." The Sensitive Personal Information is Personal Information that (i) is related to confidential medical information, racial or ethnic origins, political or religious beliefs and/or sexuality, and (ii) Vitals has actual knowledge thereof.

To protect Your privacy, Vitals does not associate Your website navigation activities to given Healthcare Providers and/or medical conditions, and excludes from the Personal Information certain information that otherwise would be Personal Information. This "Excluded Information" is information that (i) is obtained via Your queries, searches or other interaction with Vitals, and (ii) relates to Healthcare Providers and/or medical conditions. The Excluded Information, however, may be used for the purpose of generating "Aggregated Non-Personal Information," as described below.

Aggregated Non-Personal Information is information about some or all of the users of Vitals, but unlike the Personal Information, does not reflect or reference an individually identifiable user. The Aggregated Non-Personal Information may be formed from the Personal or Excluded Information, but any of the Personal or Excluded Information used to form the Aggregated Non-Personal Information has been processed to no longer reflect or reference an individually identifiable user.

HOW WE OBTAIN THE PERSONAL INFORMATION

Vitals (or "we") may obtain, collect, retain, store or otherwise maintain the Personal Information from the following sources. If you decline to submit Personal Information, Vitals may not be able to or may choose not to provide to You some or all of our Products and Services.

Information You provide to Vitals.com. This information may include, for example, information provided to Vitals via a Vitals^SM account assigned to You and other User Communications, as described in more detail below.

• Vitals^SM account - You need a Vitals^SM account to access our Products and Services. When You sign up for a Vitals^SM account, we request from You Personal Information, such as your name, email or other address and an account password that is used to protect Your Vitals^SM account from unauthorized access. Vitals stores, processes and maintains Your Personal Information and other data related to Your Vitals^SM account to provide our Products and Services to You. For certain services, we may request credit card or other payment account information, which is maintained in encrypted form on secure servers.


• User communications - Any email or other communications sent to Vitals by You. We may retain those communications in order to process Your inquiries, respond to Your requests and improve our services.

Information recorded via interaction with Vitals.. This information may include, for example. server-log information, which is automatically recorded by our servers from an exchange between Your browser and our servers whenever You access, browse, or use Vitals.

• Server log information. The server-log information may include information such as (i) account activity, including storage usage, number of log-ins; data displayed or selected, including user interface or "UI" elements, links, etc; and (ii) as your web request, Internet Protocol address, browser type, browser language, the date and time of your request, date and time of access, one or more cookies that may uniquely identify your browser, cookie identification, referrer Uniform Resource Locator, etc. Please note the following with respect cookies.


• Cookies - When You visit Vitals, we send to Your computer one or more cookies (i.e. a small file containing a string of characters) that uniquely identifies your browser. We use cookies to improve the quality of our Products and Services by storing user preferences and tracking. Most browsers are initially set up to accept cookies, but You can reset your browser to refuse all cookies or to indicate when a cookie is being sent. Please note, however, some features of the Products and Services of Vitals may not function properly, if at all, if your cookies are disabled.

Information Vitals provides to You.. This information may include, for example, information provided to You from Vitals via Vitals-initiated communications. These Vitals-initiated communications, which may be in the form of paper mail, email or other electronic communications, are communications sent to You by Vitals, and can include communications that contain information related to Your Vitals^SM account.

HOW WE USE THE PERSONAL INFORMATION

Vitals only uses the Personal Information for the purposes described in this Vitals^SM privacy policy. In addition to any of the purposes noted in other sections of this Vitals^SM privacy policy, Vitals only uses the Personal Information for:

• providing the Products and Services to users, including the processing, formatting and displaying of the Personal information and customized content;
• auditing, research and analysis in order to maintain, protect and improve our services;
• ensuring the technical functioning of our network, including creating and maintaining back ups or other archival copies of the Personal information and other related data; and/or
• developing new services.

If we propose to use the Personal Information for any purposes other than those described in this section or any other section of this Vitals^SM privacy policy and/or in any specific notice to You regarding the same, we will ask for your consent prior to such use and offer you an effective way to opt out of the use of Personal Information for those other purposes. As above, if you opt out or otherwise decline to submit Personal Information, Vitals may not be able to provide to You our Products and Services.

INFORMATION SHARING AND ONWARD TRANSFER

Unless otherwise agreed to in writing, we reserve the right to sell, rent or otherwise share some or all of Your Personal Information with other companies or individuals outside of Vitals when:

• we have your consent (which, except for Sensitive Personal Information, shall be deemed given unless You have opted out; for Sensitive Personal Information, we require opt-in consent); and/or


• we have a good faith belief that access, use, preservation or disclosure of such information is reasonably necessary to (a) satisfy any applicable law, regulation, legal process or enforceable governmental request, (b) enforce applicable terms of service, including investigation of potential violations thereof, (c) detect, prevent, or otherwise address fraud, security or technical issues, or (d) protect against imminent harm to the rights, property or safety of Vitals, its users or the public as required or permitted by law.

If Vitals becomes involved in a merger, acquisition, or any form of sale of all of its assets, we will provide notice before Personal Information is transferred and becomes subject to a different privacy policy.

We may share with others certain pieces of Aggregated Non-Personal Information. Such information does not identify you individually.

Please contact us at the address below for any additional questions about the management or use of Personal Information.

INFORMATION SECURITY

We take appropriate security measures to protect against unauthorized access to or unauthorized alteration, disclosure or destruction of data. These include internal reviews of our data collection, storage and processing practices and security measures, as well as physical security measures to guard against unauthorized access to systems where we store personal data.

We restrict access to Personal Information to employees, contractors and agents of Vitals who need to know that the Personal Information to operate, develop and/or improve our services. These individuals are bound by confidentiality obligations and may be subject to discipline, including termination, if they fail to meet these obligations.

DATA INTEGRITY

Vitals processes the Personal Information only for the purposes for which it was collected and in accordance with this Vitals^SM privacy policy. We periodically review our data collection, storage and processing practices to ensure that we collect, store and process the Personal Information for providing and/or improve our Products and Services. We also take reasonable steps to ensure that the Personal Information we process is accurate, complete, and current, but we depend on our You and our other users to update or correct their Personal Information whenever necessary.

ACCESSING AND UPDATING PERSONAL INFORMATION

Except as required by the User Agreement, You may change the settings of Your Vitals^SM account via the "settings" section of such account. You may organize or delete certain information through such settings or, alternately, terminate Your Vitals^SM account. Such deletions or terminations will take immediate effect. Residual copies of the deleted information and/or terminated Vitals^SM account may take up to 60 days to be deleted from active servers and may remain in perpetuity in backup systems.

When you use our Products and Services, we make good faith efforts to provide you with access to your Personal Information and either to correct this data if it is inaccurate or to delete such data at your request if it is not otherwise required to be retained by law or for legitimate business purposes. Where applicable, we ask individual users to identify themselves and the information requested to be accessed, corrected or removed before processing such requests, and we may decline to process requests that are unreasonably repetitive or systematic, require disproportionate technical effort, jeopardize the privacy of others, or would be extremely impractical (for instance, requests concerning information residing on backup tapes), or for which access is not otherwise required. In any case, where we provide information access and correction, we perform this service free of charge, except if doing so would require a disproportionate effort. Some of our Products and Services have different procedures to access, correct or delete Your Personal Information. Please contact us for the details for these procedures.

ENFORCEMENT

Vitals regularly reviews its compliance with this Vitals^SM privacy policy. Please feel free to direct any questions or concerns regarding this Vitals^SM privacy policy or our treatment of Personal Information by contacting us the address below. When we receive formal written complaints at this address, our policy is to contact the complaining user regarding his or her concerns. We will cooperate with the appropriate regulatory authorities, including local data protection authorities, to resolve any complaints regarding the transfer of Personal Information that cannot be resolved between an individual and Vitals.

CHANGES TO THIS POLICY

Please note that this Vitals^SM privacy policy may change from time to time. We will not reduce your rights under this Vitals^SM privacy policy without your consent, and we expect most such changes will be minor. Regardless, we will post any changes on this page. If you have any additional questions or concerns about this Policy, please feel free to contact us at

Vitals
Attn: Legal Department
1200 Wall Street West, 1st Floor
Lyndhurst, NJ 0707

MORE INFORMATION

Vitals adheres to the US safe harbor privacy principles of Notice, Choice, Onward Transfer, Security, Data Integrity, Access and Enforcement. For more information about the Safe Harbor framework, see the Department of Commerce's web site.