Introduction and Scope
Remote Medicine Inc., doing business as Remote Medical International, and our subsidiaries Remote Medical International Limited; Remote Medical International UK Ltd.; Remote Medical Canada Ltd; Remote Medicine Inc. (DMCC Branch); Remote Medical International Ghana Limited; Occupational Medical Services Ghana Ltd; Remote Medical International Kenya Limited; Remote Medical International Mozambique LDA; Remote Medical International Nigeria Limited; Remote Medical International Oman LLC; Remote Medical International Tanzania Limited; Remote Medical International Malaysia Limited; Remote Medical International Sarl U; Remote Medical International Uganda Limited; Ship Security International Limited; SSI Energy Ltd; Health Pioneers Int. SPC; and Investment License Remote Medicine Inc., (collectively, “RMI”, “we”, “us”, “our”) take the protection of personally identifiable information (“Personal Data”) very seriously. This Privacy Notice (the “Notice”) addresses data subjects whose Personal Data we may receive through our applications and information systems, as well as in the course of providing staffing and support services (collectively, the “Services”).

Controllership
Within the scope of this Notice, RMI acts as a data controller for the Personal Data we process.

Basis of Processing
We may process your Personal Data on the basis of:

• your explicit consent;
• the need to perform a contract with you;
• our legitimate interests or those of a third party, such as our interest in ensuring the quality, effectiveness, and tracking the success of our Services;
• the need to comply with the law; or
• any other ground, as required or permitted by law.

Where we process your or your child’s Personal Data based on your consent, you may withdraw it at any time. However, this will not affect the lawfulness of our processing before you withdrew your consent. It will also not affect processing performed on other lawful grounds. In some cases, we may not be able to continue delivering Services if you withdraw consent for processing your Personal Data.

How We Receive Personal Data
We may receive your Personal Data when:

• you provide it directly to us as part of using or participating in our Services;
• we receive it from third-party validation and accreditation services;
• our clients (including their employees, contractors, and other representatives of the company) provide it to us;
• we receive it from other companies within our corporate group;
• our service providers provide it to us; or
• we receive it from health providers.

Categories of Personal Data
We may process the following types of Personal Data:

• biographical information, such as first and last name and date of birth;
• contact information, such as email address, phone number, and postal addresses;
• account information for various communication services, such as username;
• demographic information, such as gender, race, and ethnicity;
• health information, such as overall fitness to perform necessary tasks, medical history, and health screening results; and
• professional information, such as current position and training.

Purposes of Processing
We may process your Personal Data for the purposes of:

• enabling the use of and participation in the Services;
• tracking the needs of our clients;
• tracking field injuries and medical information for fitness and health purposes for our clients;
• sales lead management;
• responding to your requests or questions; and
• sending you email marketing communications about our business that we think may interest you.

Data Retention
When the purposes of processing are satisfied, we will generally retain applicable Personal Data for a period of seven years, though some Personal Data may be retained indefinitely for regulatory purposes or as required by applicable law.

Sharing Personal Data with Third Parties
We share Personal Data with our subsidiaries and affiliates, as well as with our service providers, who process Personal Data on our behalf, and who agree to use the Personal Data only to assist us in providing our Services or as required by law. Our service providers may provide:

• application hosting services;
• cloud storage services;
• email software;
• electronic health records;
• communication services; and
• CRM software.

We also share Personal Data with subcontractors providing similar services when necessary to meet our clients’ needs. These subcontractors typically act as data controllers in their own right. In all cases, RMI will require that our subcontractors agree to only process Personal Data received from RMI for limited and specific purposes and maintain data protection standards substantially similar to those which RMI itself is subject.

Some of these third parties may be located in other countries, some of which may have different standards for privacy and data security. However, before transferring your Personal Data to these third parties, we will either ask for your explicit consent or require the third party to maintain at least the same level of privacy and security for your Personal Data that we do. We remain liable for the protection of your Personal Data within the scope of our self-certification to the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks (“Privacy Shield”) that we transfer to third parties, except to the extent that we are not responsible for the event that leads to any unauthorized or improper processing.

Other Disclosure of Your Personal Data
We may disclose your Personal Data to the extent required by law, or if we have a good-faith belief that we need to disclose it in order to comply with official investigations or legal proceedings (whether initiated by governmental/law enforcement officials, or private parties). We may also disclose your Personal Data if we sell or transfer all or some of our company’s business interests, assets, or both, or in connection with a corporate restructuring. Finally, we may disclose your Personal Data to our subsidiaries or affiliates, but only if necessary for business purposes, as described in the section above.

We reserve the right to use, transfer, sell, and share aggregated, anonymous data for any legal business purpose. Such data does not include any Personal Data. The purposes may include analyzing usage trends or seeking compatible advertisers, sponsors, and customers.

If we have to disclose your Personal Data to governmental/law enforcement officials, we may not be able to ensure that those officials will maintain the privacy and security of your Personal Data.

Cookies
A “cookie” is a small file stored on your device that contains information about your device. We may use cookies to provide basic relevant ads, website functionality, authentication (session management), usage analytics (web analytics), and to remember your settings, and generally improve our websites and Services.

We use session and persistent cookies. Session cookies are deleted when you close your browser. Persistent cookies may remain even after you close your browser, but always have an expiration date. Most of the cookies placed on your device through our Services are first-party cookies, since they are placed directly by us. Other parties, such as Google, may also set their own (third-party) cookies through our Services. Please refer to the policies of these third parties to learn more about the way in which they collect and process information about you.

If you would prefer not to accept cookies, you can change the setup of your browser to reject all or some cookies. Note, if you reject certain cookies, you may not be able to use all of our Services’ features. For more information, please visit https://www.aboutcookies.org/.

You may also set your browser to send a Do Not Track (DNT) signal. For more information, please visit https://allaboutdnt.com/. Please note that our Services do not have the capability to respond to “Do Not Track” signals received from web browsers.

Data Integrity & Security
We have implemented and will maintain technical, administrative, and physical measures that are reasonably designed to help protect Personal Data from unauthorized processing. This includes unauthorized access, disclosure, alteration, or destruction.

Your Personal Data Rights
If we process your or your child’s Personal Data, you may have the right to request access to (or to update, correct, or delete) such Personal Data. You may also have the right to ask that we limit our processing of such Personal Data, as well as the right to object to our processing of such Personal Data. You may also have the right to data portability.

If we have received your Personal Data in reliance on the Privacy Shield, you may also have the right to opt out of having your Personal Data shared with third parties and to revoke your consent to our sharing your Personal Data with third parties. You may also have the right to opt out if your Personal Data is used for any purpose that is materially different from the purpose(s) for which it was originally collected or which you originally authorized. To submit these requests or raise any other questions, please contact us by using the information in the “Contact Us” section below.

Privacy of Children
In the course of providing the Services, we may process the Personal Data of children under the age of 13. In such cases, we will obtain and document consent from the child’s legal guardian to process the Personal Data in accordance with this Notice.

EU-U.S. and Swiss-U.S. Privacy Shield Frameworks
For Personal Data processed in the scope of this Notice, RMI complies with the Privacy Shield. For more information about RMI’s Privacy Shield certification and to learn how we comply with the Privacy Shield Principles, please see our Privacy Shield Statement located at https://www.remotemedical.com/privacy-shield-statement/.

European Union Supervisory Authority Oversight
If you are a data subject whose Personal Data we process, you may also have the right to lodge a complaint with a data protection regulator in one or more of the European Union member states.

Changes to this Notice
If we make any material change to this Notice, we will post the revised Notice to this web page. We will also update the “Effective” date. By continuing to use our Services after we post any of these changes, you accept the modified Notice.

Contact Us
If you have any questions about this Notice or our processing of your Personal Data, please write to our Legal Department at privacy@remotemedical.com or by postal mail at:

Remote Medical International
Attn: Legal
4259 23rd Avenue West, Suite 200
Seattle, Washington 98199, USA

Please allow up to four weeks for us to reply.

United Kingdom and European Union Representative
We have appointed Remote Medical International UK Ltd. as our representative in the United Kingdom for data protection matters. Remote Medical International UK Ltd. can be contacted on matters related to the processing of Personal Data in the United Kingdom.

Our United Kingdom representative can be contacted at:

Remote Medical International UK Ltd.
Collingwood House, Port of Tyne
South Shields, NE33 5SP
United Kingdom
Phone: +44 (0) 191 454 48 44

We have appointed VeraSafe Ireland Ltd. as our representative in the EU for data protection matters. VeraSafe Ireland Ltd. can be contacted on matters related to the processing of Personal Data in the EU. Our EU representative can be contacted at:

VeraSafe Ireland Ltd.
Unit 3D North Point House
North Point Business Park
New Mallow Road
Cork T23AT2P
Ireland

You may also contact VeraSafe through the form available at: https://verasafe.com/public-resources/contact-data-protection-representative.

Data Protection Officer
We have appointed VeraSafe as our Data Protection Officer (DPO). While you may contact us directly, VeraSafe can also be contacted on matters related to the processing of Personal Data. VeraSafe’s contact details are:

VeraSafe
22 Essex Way #8203
Essex, VT 05451 USA
Email: experts@verasafe.com
Web: https://www.verasafe.com/about-verasafe/contact-us/

Previous Versions
March 8, 2021