PRIVACY POLICY

Please read this Privacy Policy carefully in order to understand how we collect, store and use your data. If you do not understand any aspects of our Privacy Policy, please feel free to contact us as described at the end of this Policy.

1.     WHO ARE WE?

LumiraDx UK Ltd. (“LumiraDx,” “our,” “we,” or “us”) is a leading company specializing in delivering high accuracy diagnostics for community-based healthcare, providing simple, accessible, and affordable point of care testing.

2.    WHAT DOES OUR APP DO?

The LumiraDx Engage Mobile Application (the “LumiraDx Engage App” or the “App”) is designed to:

(1) operate and display test results obtained using the applicable LumiraDx Self-Test Instrument, an over-the-counter (“OTC”) testing device, for collection and testing of a specimen obtained from you as contemplated by the instructions provided in the Self-Test Instrument package (collectively, a “Self-Test”) and,

(2) help you easily share your personal profile data with clinics, testing sites, and other sites at which healthcare professionals perform tests (collectively, “Clinics”) when you receive a test onsite (each, a “Test”).

The “Services” we provide are comprised of use of the App (i) to operate the applicable Self-Test Instrument and (ii) to share your personal Profile to receive a Self-Test or to receive a Test performed by a healthcare professional at a Clinic.

3.    HOW DOES OUR APP WORK?

To use the App, you (the “Account Holder”) will need to register and manage an account (“Account”). LumiraDx does not allow individuals under the age of 14 to create Accounts.

As an Account Holder, you may register and create Profiles for your children that are between the ages of two and fourteen years old, provided you are the legal parent or guardian, and you may permit adults to themselves register and create Profiles under your Account (each a “Profile holder”).

The Test results of the Account Holder and each Profile holder will be displayed on the Account and are visible to the Account Holder. A Profile created under a particular Account is associated only with that Account; you can only access your Profile information through the Account in which your Profile was created; and Profiles cannot be shared between different Accounts. For example, if you create Profiles under the Accounts of multiple different Account Holders (e.g. your barber, your gym, and your dentist), we will not link those Profiles, and each Account Holder can only access Profiles created using their Account.

4.    WHAT IS THE LEGAL BASIS FOR PROCESSING YOUR PERSONAL DATA AND DATA CONCERNING HEALTH?

We may process your data based on:

5.    WHAT IS THE PURPOSE OF OUR PRIVACY POLICY?

This Privacy Policy describes how we collect, use, and share information about the Account Holder and Profile holders (“you”), through the LumiraDx Engage App.

You understand that when you use the Services, we may share certain test results and certain Personal Data or Data concerning Health to the competent health authorities and other regulatory authorities when required by law.

BY PROVIDING YOUR EXPRESS CONSENT TO THIS POLICY, YOU ALSO CONSENT TO THE DISCLOSURE OF YOUR RESULTS AND SUCH INFORMATION IN ACCORDANCE WITH APPLICABLE LAW.

Medical Disclaimer:

Once you receive your results, you understand that you may need to discuss them with your healthcare provider for further guidance. Testing does not replace diagnosis or treatment by your medical provider. You assume complete and full responsibility to take appropriate action regarding your test results. Providing the Services does not create a patient/physician relationship between you and LumiraDx or any of LumiraDx’s employees, nor does it obligate LumiraDx or LumiraDx’s staff to perform any other test, care or treatment for you. You agree you will seek medical advice, care and treatment from your medical provider if you have questions or concerns, or if your condition worsens.

6.    WHAT DATA DO WE COLLECT?

We collect and process Personal Data, which is information about you that is personally identifiable, such as name, address, phone number, email address, date of birth, gender, location as well as any other non-public information that is associated with such information (collectively, “Personal Information”).

We also collect data that you provide to us when you request information either through the App, by contacting customer support, or by otherwise communicating with us. We also collect data that you may provide to us through technology, some of which may be linked to you personally:

7.    DO WE COLLECT DATA FROM MINORS?

LumiraDx does not allow individuals under the age of 14 to create Accounts, but you may create Profiles for your children that are between the ages of two and fourteen years old provided you are the legal parent or guardian.

IN SUCH CASE, YOU AGREE AS PARENT/GUARDIAN THAT WE MAY COLLECT THE FOREGOING DATA ON YOUR MINOR OR OTHER INDIVIDUALS FOR WHOM YOU ARE THE LEGAL GUARDIAN AND CONSENT TO THIS COLLECTION OF DATA, AND THAT YOU ARE LEGALLY AUTHORIZED TO CONSENT ON THEIR BEHALF.

8.    WHY DO WE USE PERSONAL DATA OR DATA CONCERNING HEALTH?

We may use Personal Data or Data concerning Health for the following purposes (subject to applicable legal restrictions):

9.    WITH WHOM AND FOR WHAT PURPOSE DO WE SHARE YOUR PERSONAL DATA OR DATA CONCERNING HEALTH?

We may share your Personal Data or Data concerning Health (subject to applicable legal restrictions), for the purposes set forth below, with:

  a)  natural or legal persons, public authority, agency or other body which processes personal data on behalf of, and appointed by, LumiraDx (Data Processor), namely:

  -  subcontractors, service providers, and other third parties we use to support our business and who are bound by contractual obligations to keep Personal Data and Data concerning Health confidential and use it only for the purposes for which we disclose it to them;

  -  healthcare providers, Clinics, or other entities that perform your Self-Test or Test or on whose behalf your Self-Test or Test is performed.

    You understand, as an Account Holder or the holder of a Profile under the Account of an Account Holder, that if you elect to have a Test performed by a healthcare professional at a Clinic, we will be collecting the foregoing data on you and will share that data with the Clinic, who may share that data with other third parties, including, for example, parties who engage the Clinic to conduct testing, subject to the provisions of the Data Protection Agreement entered into with LumiraDx. Questions on how the Clinic may share your data must be directed to the Clinic;

  b)  our current and future affiliates, meaning an entity that controls, is controlled by, or is under common control with us. Our affiliates will use the Personal Data and Data concerning Health we share in a manner consistent with this Privacy Policy;

  c)  if we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, dissolution, sale of all or a portion of our assets, or transition of service to another provider (collectively, a “Transaction”), your Personal Data, Data concerning Health, and other information may be shared in the diligence process with counterparties and others assisting with the Transaction.

We may also share your Personal Data and/or Data concerning Health as required by law, including:

  -  by statute, regulation, subpoena, court order, legal process, or government request;

  -  to report, either directly or indirectly, adverse events related to medical device problems to the competent local authorities;

  -  to report Self-Test or Test results to the competent local authority.

By accepting this Policy, you provide your express consent to allow us to transfer your Personal Data and/or Data concerning Health to a successor or affiliate as part of or following that Transaction along with other assets. You will be promptly informed of such transfer of your Personal Data and/or Data concerning Health.

We will not sell, rent, or use for marketing purposes any data that you enter to register for an account or create a profile in the App.

10.    SAMPLE POOLING

Sample Pooling is the process of combining multiple specimens together to more quickly test groups of people for SARS-CoV-2, which can be an efficient approach for a serial testing program that tests many people on a routine basis. When approved by the applicable regulatory authority, we may facilitate the use of sample pooling. A positive test result amongst a pool may require each individual to be retested. Your test results will remain confidential pursuant to the terms of this Privacy Policy and no other subject in a pool will know your identity or test results. If you are selected for sample pooling, we will provide further information to you at that time.

11.    PSEUDONYMISATION

We may process data in such a manner that you are no longer individually identifiable, for example, when your name and address have been removed (“Pseudonymization”).

We may use and share Pseudonymized Data created by us without restriction because it is no longer considered Personal Data. We may use Pseudonymized Data to conduct research, to improve our products and the user experience, to perform research and development surrounding our products, to analyze the effectiveness of our Services and the App, to improve and add features to our Services and the App, and for other similar purposes. In addition, from time to time, we may analyze the general behavior and characteristics of users of our Services and the App and share aggregated data like general user statistics with prospective business partners. We may collect Pseudonymized Data through the Services or the App, and through other means described in this Privacy Policy.

12.    HOW LONG IS YOUR DATA RETAINED?

We keep Personal Data for as long as reasonably necessary for the purposes described in this Privacy Policy, while we have a business need to do so, or as required by law (e.g. for tax, legal, accounting, or other purposes). We may also be required to retain certain Data concerning Health, including test results, in order to comply with legal and regulatory obligations, including for public health reporting. If we have a legal obligation to retain the data and you ask us to delete this information, we will not be able to do so.

13.    HOW IS YOUR INFORMATION PROTECTED?

You use the Services and the App at your own risk. We implement commercially reasonable technical, administrative, and organizational measures to protect Personal Data or Data concerning Health both online and offline from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. However, no Internet or email transmission is ever fully secure or error free. In particular, email sent to or from us may not be secure. Therefore, you should take special care in deciding what information you send to us via the Services, the App, or email. Please keep this in mind when disclosing any Personal Data or Data concerning Health to LumiraDx via the Internet. In addition, we are not responsible for circumvention of any privacy settings or security measures contained on the Services, the App, or third-party websites. You should report any security violations or breaches to us by contacting us at engage-IT@lumiradx.com.

When using this App, we recommend that you enable your mobile phone’s privacy features, such as enabling your screen to automatically lock.

14.    WHERE WILL YOUR INFORMATION BE STORED?

The App is operated and managed on servers located and operated in Frankfurt, Germany. Account Holders’ and Profile holders’ Personal Data or Data concerning Health will be stored on servers located in geographically specific locations determined by the Account Holder’s device location or address.

15.    HOW WILL YOU KNOW IF THIS POLICY CHANGES?

We may change this Privacy Policy from time to time in the future. We will post any revised version of the Privacy Policy on this page and at other places we deem appropriate. Please check this page periodically.

In the case of non-substantive changes, your continued use of our Services and App will constitute your acceptance of those changes. If, however, we make material changes to this Policy, you will be asked to provide your express consent again.

16.    HOW DO YOU ACCESS AND UPDATE YOUR DATA?

You can access and update certain data we have relating to your Account or Profile (email, profile information, and preferences) by following these steps: (i) to update Account Holder information, go to “Menu” then “My Account;” and/or (ii) to access Profile holder information, which may not be updated, go to “Profiles”.

17.    TRANSFER OF YOUR DATA

We take all steps reasonably necessary to ensure that your Personal Data and Data concerning Health are treated securely and in accordance with this Privacy Policy and not to transfer such data to an organization or a country unless there are adequate controls in place.

18.    YOUR RIGHTS

We undertake to respect the confidentiality of your Personal Data or Data concerning Health and to guarantee you can exercise your rights.

You have the right under this Privacy Policy, and by law if you are within the EU, to:

  -  Request access to your Data. The right to access, update or delete the information we have on you. Whenever made possible, you can access, update or request deletion of your Data directly within your account settings section. If you are unable to perform these actions yourself, please contact us to assist you. This also enables you to receive a copy of the Data we hold about you.

  -  Request correction of the Data that we hold about you. You have the right to have any incomplete or inaccurate information we hold about you corrected.

  -  Object to processing of your Data. This right exists where we are relying on a legitimate interest as the legal basis for our processing and there is something about your particular situation, which makes you want to object to our processing of your Data on this ground.

  -  Request erasure of your Data. You have the right to ask us to delete or remove Data when there is no good reason for us to continue processing it.

  -  Request the transfer of your Data. We will provide to you, or to a third party you have chosen, your Data in a structured, commonly used, machine-readable format. Please note that this right only applies to automated data which you initially provided consent for us to process or where we used the data to perform a contract with you.

  -  Withdraw your consent. You have the right to withdraw your consent on processing your Data. If you withdraw your consent, you will not be able to use the App.

19.    TERMINATION OF YOUR ACCOUNT AND/OR PROFILE

You understand that if you delete your account as the Account Holder, you will no longer have access to your own profile information, and Profiles associated with your Account will also be terminated. You also understand that if you ask to terminate your Profile, you will only be terminating your Profile under the specific Account Holder you made the request under, and any other Profiles you have under different Account Holders will remain in effect unless terminated. To request termination of your Profile, please first contact the Account Holder. If the Account Holder does not terminate the Profile, please contact us at engage-IT@lumiradx.com to request termination.

When a Profile is terminated, all local data associated with the Profile on the device will be deleted, but if we are required to keep your Personal Data or Data concerning Health for legal reasons, we will only keep that information stored in secure cloud servers that are located in the geographic region of the Account Holder for as long as we are required to maintain it.

BY ACCEPTING THIS PRIVACY POLICY, YOU EXPRESSLY CONSENT TO YOUR PERSONAL DATA BEING DELETED BY THE ACCOUNT HOLDER WITHOUT BEING PROVIDED ANY NOTICE.

20.    PERSONAL DATA BREACH

We are required to notify you of any Personal Data Breach.

We have put in place procedures to deal with any suspected Personal Data Breach and will notify you and/or any applicable regulator where we are legally required to do so.

If you know or suspect that a Personal Data Breach has occurred, please contact: engage-IT@lumiradx.com.

21.    EXERCISING OF YOUR DATA PROTECTION RIGHTS

You may exercise your rights of access, rectification, cancellation and opposition by contacting us. Please note that we may ask you to verify your identity before responding to such requests. If you make a request, we will try our best to respond to you as soon as possible.

You have the right to complain to a Data Protection Authority about our collection and use of your Data. For more information, if you are in the European Economic Area (EEA), please contact your local Data Protection Authority in the EEA.

22.    HOW CAN I CONTACT YOU IF I HAVE QUESTIONS?

If you have any questions, concerns, complaints or suggestions regarding our Privacy Policy or otherwise need to contact us, please email us at engage-IT@lumiradx.com.