ARMRA Privacy Policy

Last Updated: May 24, 2024

This Privacy Policy applies to the processing of personal information by Rahal Biosciences, Inc. d/b/a ARMRA (“ARMRA,” “we,” “us,” or “our”) including on our website available at https://tryarmra.com/ and our other online or offline offerings which link to, or are otherwise subject to, this Privacy Policy (collectively, the “Services”).

This Privacy Policy does not apply to any third-party websites, services, or applications, even if they are accessible through the Services.

Disclosure Regarding the California Consumer Privacy Act (Notice at Collection). For information on our processing of personal information that is subject to the California Consumer Privacy Act (“CCPA”), please see Annex A – Supplemental CCPA Privacy Policy.

Disclosure Regarding the Supplemental Consumer Health Data Privacy Policy. For information on our processing of “consumer health data” that is subject to the Washington My Health My Data Act or Nevada Senate Bill 370, please see Annex B – Supplemental Consumer Health Data Privacy Policy.

• 1.UPDATES TO THIS PRIVACY POLICY

• 2.PERSONAL INFORMATION WE COLLECT

• 3.HOW WE USE PERSONAL INFORMATION

• 4.HOW WE DISCLOSE PERSONAL INFORMATION

• 5.YOUR PRIVACY CHOICES AND RIGHTS

• 6.INTERNATIONAL TRANSFERS OF PERSONAL INFORMATION

• 7.RETENTION OF PERSONAL INFORMATION

• 8.SUPPLEMENTAL NOTICE FOR EU/UK GDPR

• 9.CHILDREN’S INFORMATION

• 10.THIRD-PARTY WEBSITES/APPLICATIONS

• 11.CONTACT US

ANNEX A – SUPPLEMENTAL CCPA PRIVACY POLICY

ANNEX B – SUPPLEMENTAL CONSUMER HEALTH DATA PRIVACY POLICY

ANNEX C – CONSUMER HEALTH DATA AUTHORIZATION

• 1.UPDATES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time in our sole discretion. If we do, we’ll let you know by posting the updated Privacy Policy on our website, and/or we may also send other communications.

• 2.PERSONAL INFORMATION WE COLLECT

We collect personal information that you provide to us, personal information we collect automatically when you use the Services, and personal information from third-party sources, as described below.

• A. Personal Information You Provide to Us Directly

We may collect personal information that you provide to us.

• Account Information. We may collect personal information in connection with the creation or administration of your account. This personal information may include, but is not limited to, your name, email address, phone number, and other information you store with your account.

• Purchases. We may collect personal information and details associated with your purchases, including order details, shipping information, and payment information. Any payments made via our Services are processed by third-party payment processors. We do not directly collect or store any payment card information entered through our Services, but we may receive information associated with your payment card information (e.g., your billing details).

• Your Communications with Us. We, and our service providers, may collect the information you communicate to us, such as through email or our web chat tool. 

• Surveys. We may contact you to participate in surveys. If you decide to participate, we may collect personal information from you in connection with the survey.

• Interactive Features. We and others who use our Services may collect personal information that you submit or make available through our interactive features (e.g., messaging and chat features, commenting functionalities, reviews, forums, blogs, and social media pages). This may include personal information about your health if you include such information in a review or otherwise submit it to ARMRA. Any information you provide using the public sharing features of the Services will be considered “public.”

• Sweepstakes or Contests.We may collect personal information you provide for any sweepstakes or contests that we offer. In some jurisdictions, we are required to publicly share information of sweepstakes and contest winners.

• Conferences, Trade Shows, and Other Events.We may collect personal information from individuals when we attend or host conferences, trade shows, and other events.
• Business Development and Strategic Partnerships.We may collect personal information from individuals and third parties to assess and pursue potential business opportunities.
• Job Applications.If you apply for a job with us, we will collect any personal information you provide in connection with your application, such as your contact information and CV.

• B. Personal Information Collected Automatically

We may collect personal information automatically when you use the Services.

• Device Information. We may collect personal information about your device, such as your Internet protocol (IP) address, user settings, cookie identifiers, other unique identifiers, browser or device information, Internet service provider, and location information (including, as applicable, approximate location derived from IP address and precise geo-location information).

• Usage Information. We may collect personal information about your use of the Services, such as the pages that you visit, items that you search for, the types of content you interact with, information about the links you click, the frequency and duration of your activities, and other information about how you use the Services.

• Cookie Notice (and Other Technologies). We, as well as third parties, may use cookies, pixel tags, and other technologies (“Technologies”) to automatically collect personal information through your use of the Services.

• Cookies. Cookies are small text files stored in device browsers.

• Pixel Tags/Web Beacons. A pixel tag (also known as a web beacon) is a piece of code embedded in the Services that collects personal information about use of or engagement with the Services. The use of a pixel tag allows us to record, for example, that a user has visited, a particular web page or clicked on a particular advertisement. We may also include web beacons in e-mails to understand whether messages have been opened, acted on, or forwarded.

See “Your Privacy Choices and Rights” below to understand your choices regarding these Technologies.

• C. Personal Information Collected from Third Parties

We may collect personal information about you from third parties. For example, if you access the Services using a Third-Party Service (defined below), we may collect personal information about you from that Third-Party Service that you have made available via your privacy settings. In addition, users of the Services may upload or otherwise provide personal information about others including via referral features.

• 3.HOW WE USE PERSONAL INFORMATION

We use personal information for a variety of business purposes, including to provide the Services, for administrative purposes, and to provide you with marketing materials, as described below.

• A. Provide the Services

We use personal information to fulfill our contract with you and provide the Services, such as:

• Managing your information;
• Providing access to certain areas, functionalities, and features of the Services;
• Answering requests for support;
• Communicating with you;
• Sharing personal information with third parties as needed to provide the Services;
• Processing your financial information and other payment methods for products and Services purchased;
• Processing applications if you apply for a job we post on our Services; and
• Allowing you to register for events.

• B. Administrative Purposes

We use personal information for various administrative purposes, such as:

• Pursuing our legitimate interests such as direct marketing, research and development (including marketing research), network and information security, and fraud prevention;
• Detecting security incidents, protecting against malicious, deceptive, fraudulent or illegal activity, and prosecuting those responsible for that activity;
• Carrying out analytics;
• Measuring interest and engagement in the Services;
• Improving, upgrading, or enhancing the Services;
• Developing new products and services;
• Creating de-identified and/or aggregated information. If we create or receive de-identified information, we will not attempt to reidentify such information, unless permitted by, or required to comply with, applicable laws;
• Ensuring internal quality control and safety;
• Authenticating and verifying individual identities, including requests to exercise your rights under this Privacy Policy;
• Debugging to identify and repair errors with the Services;
• Auditing relating to interactions, transactions, and other compliance activities;
• Enforcing our agreements and policies; and
• Carrying out activities that are required to comply with our legal obligations.

• C. Marketing

We may use personal information to tailor and provide you with marketing and other content. We may provide you with these materials as permitted by applicable law.

Some of our marketing activities may be considered a “sale” or “targeted advertising” under applicable privacy laws.

If you have any questions about our marketing practices, you may contact us at any time as set forth in “Contact Us” below.

• D. With Your Consent or Direction

We may use personal information for other purposes that are clearly disclosed to you at the time you provide personal information, with your consent, or as otherwise directed by you.

• E. Automated Decision Making

We may engage in automated decision making, including profiling. ARMRA’s processing of your personal information will not result in a decision based solely on automated processing that has a legal or other similarly significant effect on you unless such a decision is necessary as part of a contract we have with you, we have your consent, or we are permitted by law to engage in such automated decision making.

If you have questions about our automated decision making, you may contact us as set forth in “Contact Us” below.

• 4.HOW WE DISCLOSE PERSONAL INFORMATION

We disclose personal information to third parties for a variety of business purposes, including to provide the Services, to protect us or others, or in the event of a major business transaction such as a merger, sale, or asset transfer, as described below.

• A. Disclosures to Provide the Services

We may disclose any of the personal information we collect to the categories of third parties described below.

• Service Providers. We may disclose personal information to third-party service providers that assist us with the provision of the Services. This may include, but is not limited to, service providers that provide us with hosting, customer service, analytics, marketing services, IT support, and related services. In addition, personal information and chat communications may be disclosed to service providers that help provide our chat features.

Our service providers, and their third-party providers, may use personal information they process to provide us with services to build and improve their machine learning and artificial intelligence models.

• Others You Share or Interact With. The Services may allow ARMRA users to share personal information or interact with other users of the Services or the general public (e.g., through community forums or testimonials).

• Third-Party Services You Share or Interact With. The Services may link to or allow you to interface, interact, share information with, direct us to share information with, access and/or use third-party websites, applications, services, products, and technology (each a “Third-Party Service”).

Any personal information shared with a Third-Party Service will be subject to the Third- Party Service’s privacy policy. We are not responsible for the processing of personal information by Third-Party Services.

• Business Partners. We may share your personal information with business partners to provide you with a product or service you have requested. We may also share your personal information with business partners with whom we jointly offer products or services.

Once your personal information is shared with our business partner, it will also be subject to our business partner’s privacy policy. We are not responsible for the processing of personal information by our business partners.

• Affiliates. We may share personal information with our corporate affiliates.

• Advertising Partners. We may share your personal information with third-party advertising partners. These third-party advertising partners may set Technologies and other tracking tools on our Services to collect information regarding your activities and your device (e.g., your IP address, cookie identifiers, page(s) visited, location, time of day). These advertising partners may use this information (and similar information collected from other services) for purposes of delivering personalized advertisements to you when you visit digital properties within their networks. This practice is commonly referred to as “interest-based advertising”, “personalized advertising”, or “targeted advertising.”

Some of the advertising Technologies we may use include:

• Facebook Connect. For more information about Facebook’s use of your personal information, please visit Facebook’s Data Policy. To learn more about how to opt-out of Facebook’s use of your information, please click here while logged in to your Facebook account.

We may also share personal information with advertising partners to carry out other advertising activities that do not rely on the use of Technologies. For example, we may share personal information with advertising partners for custom audiences advertising, to participate in data co-op programs, or to send postal mailers.

• B. Disclosures to Protect Us or Others

We may access, preserve, and disclose any information we store associated with you to external parties if we, in good faith, believe doing so is required or appropriate to: comply with law enforcement or national security requests and legal process, such as a court order or subpoena; protect your, our, or others’ rights, property, or safety; enforce our policies or contracts; collect amounts owed to us; or assist with an investigation or prosecution of suspected or actual illegal activity.

• C. Disclosure in the Event of Merger, Sale, or Other Asset Transfers

If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, receivership, purchase or sale of assets, transition of service to another provider, or other similar corporate transaction, your personal information may be disclosed, sold, or transferred as part of such a transaction.

• 5.YOUR PRIVACY CHOICES AND RIGHTS

Your Privacy Choices. The privacy choices you may have about your personal information are described below.

• Email Communications. If you receive an unwanted email from us, you can use the unsubscribe functionality found at the bottom of the email to opt out of receiving future emails. Note that you will continue to receive transaction-related emails. We may also send you certain non-promotional communications regarding us and the Services, and you will not be able to opt out of those communications (e.g., communications regarding the Services or updates to this Privacy Policy).

• Text Messages. If you receive an unwanted text message from us, you may opt out of receiving future text messages from us by following the instructions in the text message you have received from us or by otherwise contacting us as set forth in “Contact Us” below.

• “Do Not Track.” Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. Please note that we do not respond to or honor DNT signals or similar mechanisms transmitted by web browsers.

• Cookies. You may stop or restrict the placement of Technologies on your device or remove them by adjusting your preferences as your browser or device permits. However, if you adjust your preferences, the Services may not work properly.

Please note that cookie-based opt-outs are not effective on mobile applications. However, you may opt-out of certain tracking on some mobile applications by following the instructions for Android, iOS, and others.

The online advertising industry also provides mechanisms that may allow you to opt out of receiving targeted ads from organizations that participate in self-regulatory programs. To learn more, visit the Network Advertising Initiative, the Digital Advertising Alliance, and the European Digital Advertising Alliance.

Please note you must separately opt out in each browser and on each device.

Your Privacy Rights. In accordance with applicable law, you may have the right to:

• Confirm Whether We Are Processing Your Personal Information;

• Request Access to or Portability of Your Personal Information;

• Request Correction of your personal information;

• Request Deletion of your personal information;

• Request Restriction of or Object to our Processing of your personal information;

• Request to Opt-Out of Certain Processing Activities including, as applicable, if we process your personal information for “targeted advertising” (as “targeted advertising” is defined by applicable privacy laws), if we “sell” your personal information (as “sell” is defined by applicable privacy laws), or if we engage in “profiling” in furtherance of certain “decisions that produce legal or similarly significant effects” concerning you (as such terms are defined by applicable privacy laws); and

• Withdraw your Consent to our processing of your personal information. Please note that your withdrawal will only take effect for future processing, and will not affect the lawfulness of processing before the withdrawal.

If you would like to exercise any of these rights, please contact us as set forth in “Contact Us” below, or for certain rights, click here. We will process such requests in accordance with applicable laws.

Only you, or someone legally authorized to act on your behalf in certain jurisdictions, may make a request to exercise the rights listed above regarding your personal information. If your personal information is subject to a law that allows an authorized agent to act on your behalf in exercising your privacy rights and you wish to designate an authorized agent, please provide written authorization signed by you and your designated agent using the information found in “Contact Us” below and ask us for additional instructions.

To protect your privacy, we will take steps to verify your identity before fulfilling requests submitted under applicable privacy laws. These steps may involve asking you to provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative. Examples of our verification process may include asking you to confirm the email address we have associated with you.

Some laws may allow you to appeal our decision if we decline to process your request. If applicable laws grant you an appeal right, and you would like to appeal our decision with respect to your request, you may do so by informing us of this and providing us with information supporting your appeal.

If your personal information is subject to the applicable data protection laws of the European Economic Area or the United Kingdom, you have the right to lodge a complaint with the competent supervisory authority if you believe our processing of your personal information violates applicable law.

• 6.INTERNATIONAL TRANSFERS OF PERSONAL INFORMATION

All personal information processed by us may be transferred, processed, and stored anywhere in the world, including, but not limited to, the United States or other countries, which may have data protection laws that are different from the laws where you live.

These countries may or may not have adequate data protection laws as defined by the data protection authority in your country. While outside of your jurisdiction of residence, personal information will be subject to local foreign laws, which may permit government and national security agencies to access your information in certain circumstances.

If we transfer personal information from the European Economic Area, Switzerland, and/or the United Kingdom to a country that does not provide an adequate level of protection under applicable data protection laws, one of the safeguards we may use to support such transfer is the EU Standard Contractual Clauses.

For more information about the safeguards we use for international transfers of your personal information, please contact us as set forth below.

• 7.RETENTION OF PERSONAL INFORMATION

We store the personal information we collect as described in this Privacy Policy for as long as you use the Services, or as necessary to fulfill the purpose(s) for which it was collected, provide the Services, resolve disputes, establish legal defenses, conduct audits, pursue legitimate business purposes, enforce our agreements, and comply with applicable laws. 

To determine the appropriate retention period for personal information, we may consider applicable legal requirements, the amount, nature, and sensitivity of the personal information, certain risk factors, the purposes for which we process your personal information, and whether we can achieve those purposes through other means.

• 8.SUPPLEMENTAL NOTICE FOR EU/UK GDPR

This Supplemental Notice for EU/UK GDPR only applies to our processing of personal information that is subject to the EU or UK General Data Protection Regulation.

ARMRA’s processing of your personal information may be supported by one or more of the following lawful bases:

Privacy Policy Section	Lawful Basis: Performance of a Contract (i.e., to provide the Services to you)	Lawful Basis: Legitimate Interest	Lawful Basis: Consent	Lawful Basis: For Compliance with Legal Obligations
Section 3A: Provide the Services	✔	✔	✔	✔
Section 3B: Administrative Purposes	✔	✔	✔	✔
Section 3C: Marketing		✔	✔
Section 3D: With Your Consent or Direction	✔	✔	✔
Section 3E: Automated Decision Making	✔	✔	✔	✔

• 9.CHILDREN’S INFORMATION

The Services are not directed to children under 16 (or other age as required by local law outside the United States), and we do not knowingly collect personal information from children.

If you are a parent or guardian and believe your child has uploaded personal information to the Services in violation of applicable law, you may contact us as described in “Contact Us” below.

• 10.THIRD-PARTY WEBSITES/APPLICATIONS

The Services may contain links to other websites/applications and other websites/applications may reference or link to our Services. These third-party services are not controlled by us. We encourage our users to read the privacy policies of each website and application with which they interact. We do not endorse, screen, or approve, and are not responsible for, the privacy practices or content of such other websites or applications. Providing personal information to third-party websites or applications is at your own risk.

• 11.CONTACT US

ARMRA is the controller of the personal information we process under this Privacy Policy.

If you have any questions about our privacy practices or this Privacy Policy, please contact us at: inquiry@tryarmra.com.

To exercise your rights as detailed in this Privacy Policy, please contact us at: help@tryarmra.com or, for certain rights, click here.

Toll-Free Phone Number: 1 (866) 479-9084ANNEX A – SUPPLEMENTAL CCPA PRIVACY Policy

This Supplemental CCPA Privacy Policy supplements our Privacy Policy and only applies to our processing of personal information that is subject to the CCPA. 

Notice at Collection

At or before the time of collection, California residents have a right to receive notice of our privacy practices. California residents can find this information below.

• Personal Information Collected. See the section of this Supplemental CCPA Privacy Policy titled “Overview of Personal Information Collected, Disclosed, Sold and/or Shared” for a list of personal information which may be collected. If we have previously collected personal information in the past 12 months, we may collect that personal information from you.
• Uses of Personal Information. See the section of this Supplemental CCPA Privacy Policy titled “Uses of Personal Information” for a list of the purposes for which we use personal information.
• Is Personal Information “Sold” or “Shared” for “Cross-Context Behavioral Advertising”? Yes. See the section of this Supplemental CCPA Privacy Policy titled “Overview of Personal Information Collected, Disclosed, Sold and/or Shared” for more details. If we have previously “sold” personal information or “shared” personal information for “cross-context behavioral advertising” in the past 12 months, we may “sell” or “share” that personal information if collected from you. See the section of this Supplemental CCPA Privacy Policy titled “Right to Opt Out of ‘Sales’ of Personal Information and/or ‘Sharing’ for ‘Cross-Context Behavioral Advertising’” for instructions on how to opt-out of these activities. 
• How Long is Personal Information Retained For? To determine the appropriate retention period for personal information, we may consider applicable legal requirements, the amount, nature, and sensitivity of the personal information, certain risk factors, the purposes for which we process your personal information, and whether we can achieve those purposes through other means.
• Additional Information. For more information on our privacy practices, please review this Supplemental CCPA Privacy Policy and our Privacy Policy. Importantly, the section of our Privacy Policy titled “Your Privacy Rights” includes important details about how you can exercise some of the rights which you have under the CCPA.

CATEGORIES OF SOURCES FROM WHICH PERSONAL INFORMATION IS COLLECTED

We collect personal information that you provide to us, personal information we collect automatically when you use the Services, and personal information from third-party sources.

Overview of Personal Information Collected, Disclosed, sold, and/or shared

The CCPA provides California residents with the right to know what categories of personal information ARMRA has collected about them, whether ARMRA disclosed that personal information for a business purpose (e.g., to a service provider), whether ARMRA “sold” that personal information, and whether ARMRA “shared” that personal information for “cross-context behavioral advertising” in the preceding twelve months. California residents can find this information below:

Category of Personal Information Collected by ARMRA	Category of Third Parties To Whom Personal Information is Disclosed to for a Business Purpose	Category of Third Parties To Whom Personal Information is Sold and/or Shared
Identifiers	Service Providers Others You Share or Interact With Third-Party Services You Share or Interact With	Advertising Partners
Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))	Service Providers Others You Share or Interact With Third-Party Services You Share or Interact With	N/A
Protected classification characteristics under California or federal law	Service Providers Others You Share or Interact With Third-Party Services You Share or Interact With	N/A
Commercial information	Service Providers Others You Share or Interact With Third-Party Services You Share or Interact With	Advertising Partners
Biometric information	Service Providers Others You Share or Interact With Third-Party Services You Share or Interact With	N/A
Internet or other electronic network activity	Service Providers Third-Party Services You Share or Interact With	Advertising Partners
Professional or employment-related information	Service Providers	N/A
Inferences drawn from other personal information to create a profile about a consumer	Service Providers	Advertising Partners
Personal information that reveals a consumer’s account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account	Service Providers	N/A
Personal information that reveals the contents of a consumer’s mail, email, and text messages unlessARMRA is the intended recipient of the communication	Service Providers
Personal information collected and analyzed concerning a consumer’s health	Service Providers Others You Share or Interact With Third-Party Services You Share or Interact With	N/A

USES OF PERSONAL INFORMATION

We may use and disclose the personal information that we collect for the following business and commercial purposes:

• Providing the Services as further described in our Privacy Policy;
• Processing for administrative purposes as further described in our Privacy Policy;
• Processing for marketing purposes as further described in our Privacy Policy;
• Processing with your consent or direction as further described in our Privacy Policy;
• Processing to carry out automated decision making as further described in our Privacy Policy;
• Auditing related to counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance with this specification and other standards;
• Helping to ensure security and integrity to the extent the use of personal information is reasonably necessary and proportionate for these purposes;
• Debugging to identify and repair errors that impair existing intended functionality;
• Short-term, transient use, including, but not limited to, non-personalized advertising shown as part of your current interaction with ARMRA;
• Maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytic services, providing storage, or providing similar Services;
• Providing advertising and marketing services;
• Undertaking internal research for technological development and demonstration;
• Undertaking activities to verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by ARMRA, and to improve, upgrade, or enhance the service or device that is owned, manufactured, manufactured for, or controlled by ARMRA.

RIGHT TO OPT Out of “Sales” of Personal Information and/or “Sharing” for “Cross-Context Behavioral Advertising”

We “sell” your personal information or “share” your personal information for “cross-contextual behavioral advertising” to help provide you with advertising about ARMRA’s products and services.

California residents have the right to opt out of the “sale” of personal information and the “sharing” of personal information for “cross-context behavioral advertising.” California residents may exercise these rights by following the instructions posted here.

Disclosure Regarding Individuals Under the Age of 16

ARMRA does not have actual knowledge of any “sale” of personal information of minors under 16 years of age. ARMRA does not have actual knowledge of any “sharing” of personal information of minors under 16 years of age for “cross-context behavioral advertising.”

Disclosure Regarding Sensitive Personal Information

ARMRA only uses and discloses sensitive personal information for the following purposes:

• To perform the services or provide the goods reasonably expected by an average consumer who requests those goods or services.
• To prevent, detect, and investigate security incidents that compromise the availability, authenticity, integrity, and or confidentiality of stored or transmitted personal information.
• To resist malicious, deceptive, fraudulent, or illegal actions directed at ARMRA and to prosecute those responsible for those actions.
• To ensure the physical safety of natural persons.
• For short-term, transient use.
• Maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytic services, providing storage, or providing similar services.
• To verify or maintain the quality or safety of a product, service, or device that is owned, manufactured, manufactured for, or controlled by ARMRA, and to improve, upgrade, or enhance the service or device that is owned, manufactured by, manufactured for, or controlled by ARMRA.
• For purposes that do not infer characteristics about individuals.

Non-Discrimination

California residents have the right not to receive discriminatory treatment by us for the exercise of their rights conferred by the CCPA.

NOTICE OF FINANCIAL INCENTIVE

This Notice of Financial Incentives is to inform you about any programs, benefits, and other financial incentive offerings, including price or service differences (collectively, “Incentive Offerings”), that we may provide in connection with the collection of your personal information so that you may make an informed decision on whether to participate in our Incentive Offerings. Such Incentive Offerings may be deemed “financial incentives” under the CCPA.

The material aspects of any Incentive Offering, along with the personal information collected in connection with an Incentive Offering, will be described at the time you are presented with the Incentive Offering.

Examples of our Incentive Offerings may include:

• One-Time Promotion. We may offer you a discount on your first order if you provide us your email address and agree to receive marketing emails in exchange for a one-time discount.

• Refer-a-Friend Program. We may offer a discount on your future purchase when you provide your personal information along with your friends’ or colleagues’ personal information, and they make a purchase using the Services. The referred party may also receive a reward in the form of a discount on the first order and/or a free service for making a purchase through your referral].

You can opt-in to an Incentive Offering by following the instructions that accompany the presentation of the Incentive Offering. If you subsequently wish to withdraw from the Incentive Offering, you may request such withdrawal by contacting us as set forth in “Contact Us” above. 

Each Incentive Offering may be based upon our reasonable and good-faith determination of the estimated value of such offer to our business, taking into consideration the value of the offer itself and the anticipated revenue generation that may be realized.

ANNEX B – Supplemental Consumer Health Data Privacy POLICY

This Supplemental Consumer Health Data Privacy Policy (“Consumer Health Data Privacy Policy”) supplements the ARMRA Privacy Policy. This Consumer Health Data Privacy Policy only applies to personal information that we process that is “consumer health data” subject to the Washington My Health My Data Act (“MHMDA”) or Nevada Senate Bill 370 (“NV SB 370”) (as applicable).

Terms used in this Consumer Health Data Privacy Policy that are defined in MHMDA or NV SB 370 will have the meaning set forth in those laws to the extent such laws are applicable.

• Consumer Health Data We Collect

Under the MHMDA, “consumer health data” is defined as “personal information that is linked or reasonably linkable to a consumer and that identifies the consumer's past, present, or future physical or mental health status.”

Under NV SB 370, “consumer health data” is defined as “personally identifiable information that is linked or reasonably capable of being linked to a consumer and that a regulated entity uses to identify the past, present or future health status of the consumer.”

Because consumer health data is defined very broadly, many of the categories of personal information that we collect under our Privacy Policy may also be considered consumer health data.

Examples of consumer health data that you may provide to us, or that we may otherwise collect, may include:

• Information that could identify your attempt to seek health care services or information, including services that allow you to assess, measure, improve, or learn about your or another person’s health. For example, we collect your search queries on the Services, which may include queries or other information concerning nutrition, wellness, fitness, medical conditions, or other health-related topics.
• Information about your health-related conditions, symptoms, status, diagnoses, disease, testing, or treatments.
• Information about social, psychological, behavioral, and medical interventions.
• Information about use or purchase of prescribed medication.
• Information about measurements of bodily functions, vital signs, symptoms, or characteristics.
• Information about diagnoses or diagnostic testing, treatment, or medication.
• Information about surgeries or other health-related procedures. 
• Reproductive or sexual health information.
• Information about gender-affirming care.
• Biometric information.
• Genetic data.
• Information related to the precise (geo)location information of a consumer used to indicate an attempt by a consumer to receive health care services or products.
• Other information that may be used to infer or derive data related to the above or other consumer health data.

• Sources of Consumer Health Data

We collect consumer health data that you provide to us, consumer health data we collect automatically when you use the Services, and consumer health data from third-party sources, as described in our Privacy Policy and below.

• Why We Collect and Use Consumer Health Data

We collect and use consumer health data for the purposes and in the manner described in the “How We Use Personal Information” section of the Privacy Policy.

Primarily, we collect and use consumer health data as reasonably necessary to provide you with the products or Services you have requested or authorized. This may include delivering and operating the products or Services and their features, personalization of certain product or Services features, ensuring the secure and reliable operation of the products or Services and the systems that support them, troubleshooting and improving the products and Services, and other essential business operations that support the provision of the products and Services (such as analyzing our performance and meeting our legal obligations).

We may also use consumer health data for other purposes for which we give you choices and/or obtain your consent as required by law.

• Sharing of Consumer Health Data

We may share each of the categories of consumer health data described above for the purposes described above and in the “How We Use Personal Information” section of the Privacy Policy. In particular, we may share consumer health data with your consent or as reasonably necessary to complete any transaction or provide any product or Service you have requested or authorized, as described above.

• Third Parties With Which We Share Consumer Health Data

We may share consumer health data with the categories of third parties listed in the “How We Disclose Personal Information” section of the Privacy Policy.

• How to Exercise Your Rights

MHMDA and NV SB 370 provide consumers with certain rights with respect to consumer health data.

Under MHMDA, consumers have the right to: (i) confirm whether ARMRA is collecting, sharing, or selling consumer health data and to access such data; (ii) withdraw consent from ARMRA’s collection and sharing of consumer health data; and (iii) request that ARMRA delete consumer health data.

Under NV SB 370, consumers have the right to: (i) confirm whether ARMRA is collecting, sharing or selling consumer health data; (ii) have ARMRA provide the consumer with a list of all third parties with whom ARMRA has shared consumer health data relating to the consumer or to whom ARMRA has sold such consumer health data; (iii) request that ARMRA cease collecting, sharing, or selling consumer health data relating to the consumer; and (iv) request that ARMRA delete consumer health data.

The rights afforded to consumers under MHMDA and NV SB 370 are subject to certain exceptions.

You can request to exercise such rights by following the instructions found under the “Your Privacy Choices and Rights” section of the Privacy Policy.

If your request to exercise a right under MHMDA or NV SB 370 is denied, you may appeal that decision by contacting us at: help@tryarmra.com.

If your appeal is unsuccessful and your consumer health data is subject to MHMDA, you can raise a concern or lodge a complaint with the Washington State Attorney General at www.atg.wa.gov/file-complaint.

• DISCLOSURE REGARDING THIRD PARTY COLLECTION oF CONSUMER HEALTH DATA UNDER NV SB 370

This section only applies to our processing of consumer health data that is subject to NV SB 370.

When you visit ARMRA’s websites or online services, we may allow third parties to collect consumer health data via Technologies that they may use over time and across different Internet websites or online services.

For more details, see “How We Disclose Personal Information” > “Advertising Partners” in the Privacy Policy.

• UPDATES TO THIS CONSUMER HEALTH DATA PRIVACY Policy

We may update this Consumer Health Data Privacy Policy from time to time in our sole discretion. If we do, we’ll let you know by posting the updated Consumer Health Data Privacy Policy on our website, and/or we may also send other communications.

ANNEX C – CONSUMER HEALTH DATA AUTHORIZATION

This Consumer Health Data Authorization only applies to personal information that we process that is “consumer health data” subject to the Washington My Health My Data Act (“MHMDA”) or Nevada Senate Bill 370 (“NV SB 370”) (as applicable).

If you opt-in to “personalize marketing” via the ARMRA cookie banner, you authorize ARMRA to sell your consumer health data as described below:

• Specific consumer health data intended for sale: Consumer health data collected via cookies and similar technologies. This may include, but is not limited to, browsing activity on the ARMRA website. 

• What is the purpose of the sale of consumer health data? ARMRA sells your consumer health data to the parties listed below to tailor and deliver personalized advertisements to you.

• How will the purchasers of consumer health data gather and use the data? Purchasers of consumer health data will gather the data via cookies and similar technologies when you browse ARMRA’s website. The purchasers of the consumer health data may use the data to assist ARMRA in delivering personalized advertisements to you and in accordance with their privacy policies linked below.

• Contact information of parties purchasing the consumer health data:
• AppNexus (Xandr): Privacy Policy
• Beeswax: Privacy Policy
• Google: Privacy Policy
• Microsoft: Privacy Statement
• Awin Group: Privacy Policy
• Snapchat: Privacy Center
• Taboola: Privacy Policy
• X Advertising: Privacy Policy
• Facebook: Privacy Policy
• LiveIntent: Privacy Policy
• Pinterest: Privacy Policy
• Reddit: Privacy Policy

• Contact information of ARMRA:
• Rahal Biosciences, Inc. d/b/a ARMRA

Email: help@tryarmra.com

The purchaser of your consumer health data may redisclose the consumer health data sold under this authorization and such data may no longer be protected by the MHMDA and/or NV SB 370.

You may revoke this authorization at any time by using the ARMRA cookie banner. To do so, uncheck the box next to the words “personalize marketing” in the cookie banner and click “Save my choices”. You may also click “Decline all.”

Please note that this will not impact consumer health data that has been previously sold. In addition, if you use different browsers or devices, you must indicate your choices again on each browser/device used to access ARMRA’s website.

If you have any questions about how to revoke your authorization, please contact help@tryarmra.com.

The provision of goods or services may not be conditioned upon you signing this authorization.

This authorization will expire one year after you sign it.