PRIVACY POLICY

What Does Our Privacy Policy Include?

This Privacy Policy describes how LumiraDx UK Ltd. (“LumiraDx,” “our,” “we,” or “us”) collects, uses, and shares information about the Account Holder and Profile holders (as defined below) (“you”) through the LumiraDx MyAmira mobile application (“MyAmira App” or the “App”). The MyAmira App is used to provide you with test instructions and to display the results obtained from LumiraDx MyAmira Self Testing kit for collection of the test specimen (collectively, a “LumiraDx Test” or a “Test”) to which the MyAmira App connects, and through which you may run COVID-19 self-tests contemplated by the instructions provided in the Test package (together, the “Services”). Please read this Privacy Policy, which is incorporated into our Terms and Conditions, carefully in order to understand how we collect, story and use your information. If you do not understand any aspects of our Privacy Policy, please feel free to contact us as described at the end of this Policy.

Our Policy focuses on Personal Information – information about you that is personally identifiable, such as contact information (e.g., name, address, email address and any other non-public information that is associated with such information (collectively, “Personal Information”) and personally identifiable health or medical information (“Health Information”). We do not collect Protected Health Information as defined under the Health Insurance Portability and Accountability Act. When we use the term “De-Identified Information,” we mean information that is not individually identifiable—for example, your name and address have been removed. When using this App, we recommend that you enable your mobile phone’s privacy features, such as enabling your screen to automatically lock.

This Privacy Policy applies only to information we collect through the MyAmira App. Our App may also contain links to third party sites that are not owned or controlled by LumiraDx. We are not responsible for the privacy practices of such other sites. LumiraDx does not share Personal Information or Health Information with those other sites or services. We encourage you to be aware of when you leave the MyAmira App, such as to visit other sites or apps, and to read the privacy statements of each and every website or services that collects your personal information.

The Services are comprised of the LumiraDx Amira Self Testing kit, an over-the-counter (“OTC”) testing device, and the MyAmira App. You understand that when you use the Services, we are required by law to share the COVID-19 SARS-CoV-2 OTC test results and certain Personal Information or Health Information with the Center for Disease Control (“CDC”) and other state and local regulatory authorities, and we will share the information required by such laws. By using the Services, you consent to the disclosure of your results in accordance with applicable law. DO NOT USE THE SERVICES IF YOU DO NOT AGREE TO SHARE THESE RESULTS AND OTHER PERSONAL OR HEALTH INFORMATION THAT IS REQUIRED BY APPLICABLE LAWS.

Medical Disclaimer:

Once you receive your results, you understand that you may need to discuss them with your healthcare provider for further guidance. Testing does not replace treatment by your medical provider. You assume complete and full responsibility to take appropriate action regarding your test results. Providing the Services does not create a patient/physician relationship between you and LumiraDx or any of LumiraDx’s employees, nor does it obligate LumiraDx or LumiraDx’s staff to perform any other care or treatment for you. You agree you will seek medical advice, care and treatment from your medical provider if you have questions or concerns, or if your condition worsens.

What Information Do We Collect?

We collect two types of information:

(1) information we receive from you about the individual who registers and manages the account (the “Account Holder”) or the users for whom the Account Holder stores LumiraDx Test results, including but not limited to legal children, employees, visitors to your store, students, or attendees at your event (the “Profiles”), and

(2) information that we collect through your use of the MyAmira App. Account Holders may only create profiles for your children that are between the ages of two and eighteen years old and for whom you are the legal parent or guardian.

Account Holders Provide to Us

When you create an account, we ask you to enter your name, phone number, email address, date of birth, gender, address and location.

When you use the App to request information from us, contact customer support, or otherwise communicate with us, you provide additional information to us. This Privacy Policy applies to this and other information that you provide to us.

[We have pages on social media sites like Instagram, Facebook, Twitter, and LinkedIn (“Social Media Pages”). When you interact with our Social Media Pages, we will collect Personal Information that you elect to provide to us, such as your contact details. In addition, the companies that host our Social Media Pages may provide us with aggregate information and analytics regarding the use of our Social Media Pages.] If you choose to share information directly from the App onto a social media account, please see information below on the information we share with social media partners.

Information Account Holders Provide to Us About Both the Account Holder and Profile holders

Account Holders and their minor children: When you set up a Profile in your account for an Account Holder or other Profile holder, you provide us with the Profile holder’s name, phone number, email address, date of birth, gender, address and location so we can associate the correct test results with the individual being tested.

As the Account Holder, you will need to consent to the MyAmira App’s and the Services’ Terms and Conditions and accept this Privacy Policy for yourself and, if you are the parent or legal guardian of a minor Profile holder, on behalf of those minors. You agree as an Account Holder parent/guardian that we may collect the foregoing data on your minor and consent to this collection of data, and that you are legally authorized to consent on their behalf.

[Commercial] Account Holder: As a [commercial] Account Holder, you understand that we will be collecting the foregoing data on the individuals who create a Profile under your account. YOU AGREE THAT YOU WILL NOT ENGAGE WITH THE SERVICES OR THE APP IN ANY WAY THAT REQUIRES THE PROFILE HOLDER’S CONSENT WITHOUT FIRST OBTAINING THE CONSENT OF THE PROFILE HOLDER.

Profiles: A separate user Profile must be created for each individual who will use the Test. Each Profile will only be associated with the Account Holder, and Profiles cannot be shared between Account Holders. For example, if you create multiple Profiles under different Account Holders’ accounts (e.g. your barber, your gym, and your dentist), we will not link that information, and Account Holders can only access information in the Profile entered using their Account. You can only access your Profile information through the Account Holder. To request termination of your Profile, please first contact the Account Holder. If the Account Holder does not terminate the Profile, please contact us at privacy@lumiradx.com to request termination. Please also see below about what information we may be required to keep when you terminate your Profile.

Information We Collect Through Your Use of the MyAmira App

You also provide us with information about the Account Holder and the Profile holders in other ways through technology. Some of this information may be linked to you personally.

A Special Note About Children and Minors. LumiraDx does not allow individuals under the age of 18 to use the Services, but an Account Holder may add Profiles for minor family members as long as the Account Holder is (i) over the age of 18 and (ii) is the parent or legal guardian of the minor

How Do We Use and Share Personal Information or Health Information?

We may use Personal Information or Health Information for the following purposes (subject to applicable legal restrictions):

We may also share Personal Information or Health Information that we collect or you provide (subject to applicable legal restrictions) as follows

Test results of Profile holders will be visible to the Account Holder. You may share Test results belonging to the Account Holder and Profile holders on social media through the App. Your posts will appear in other users’ feeds on social media sites like Instagram, Facebook, Twitter, and LinkedIn (“Social Media Pages”) you choose to share to. You acknowledge that by sharing posts or adding information to your profile from your MyAmira App Account, you make the information shared available to other users and that LumiraDx cannot control and shall not be responsible for any use other users make of such information. YOU AGREE NOT TO SHARE TEST RESULTS WITHOUT THE EXPRESS PERMISSION OF THE INDIVIDUAL TO WHOM THE TEST RESULTS BELONG. Once you share Test results on Social Media Pages, the post and shared information are subject to the terms of the social media platform.

We may use your Personal Information to contact you to tell you about products or services we believe may be of interest to you. For instance, if you elect to provide your email or telephone number, we may use that information to send you special offers. You may opt out of receiving emails by following the instructions contained in each promotional email we send you. You can also control the marketing emails and/or text messages you receive by updating your settings through your account. In addition, if at any time you do not wish to receive future marketing communications, you may contact us. If you unsubscribe from our marketing lists, you will no longer receive marketing communications, but we will continue to contact you regarding management of your account, other administrative matters, and to respond to your requests.

By providing your telephone number to our customers to use the Services or the App, you consent to receive information from us via SMS and/or MMS messages sent through an automated telephone dialing system (“Text Service”), even if you have opted in to the National Do Not Call List, any state Do Not Call List, or the internal Do Not Call List of any company. You may be required to respond to an initial message as instructed to complete your registration and confirm enrollment in the Text Service. The enrollment process will disclose the program, frequency of messages, and options to cancel your enrollment. You do not have to participate in the Text Service in order to use the Services or the App. In the event you no longer want to participate in the Text Service, you agree to notify us directly. In the event you change or deactivate your mobile telephone number, you agree to promptly update your Company account information to ensure that your messages are not sent to the person that acquires your old number. For more about our Texting Service, please review our Terms and Conditions.]

De-Identified Information. We may use and share De-Identified Information created by us without restriction because it is no longer considered Personal Information. We may use De-Identified Information to conduct research, to improve our products and the user experience, to perform research and development surrounding our products, to analyze the effectiveness of our Services and the App, to improve and add features to our Services and the App, and for other similar purposes. In addition, from time to time, we may analyze the general behavior and characteristics of users of our Services and the App and share aggregated information like general user statistics with prospective business partners. We may collect De-Identified Information through the Services or the App, and through other means described in this Privacy Policy.

Other Uses with Your Consent. In addition to the sharing described elsewhere in this Privacy Policy, we will share Personal Information with companies, organizations, or individuals outside of LumiraDx only when we have authorization to do so.

How Long is Your Data Retained?

We keep Personal Information for as long as reasonably necessary for the purposes described in this Privacy Policy, while we have a business need to do so, or as required by law (e.g. for tax, legal, accounting, or other purposes), whichever is longer. We may also be required to retain certain Health Information, including COVID-19 test results, in order to comply with legal and regulatory obligations, including for public health reporting, and if we have a legal obligation to keep the data, if you ask us to delete this information, we will not be able to do so.

How Do You Access and Update Your Personal Information?

You can access and update certain information we have relating to your Account or Profile (email, profile information, and preferences) by following these steps:

(i) too update Account Holder information, go to “Menu” then “My Account;” and/or

(ii) to update Profile holder information, go to “Profiles.”

You may contact us as described at the end of this Policy to request termination of your account. We may be required to retain the data from your profile to comply with legal obligations and for regulatory purposes. You understand that if you delete your account as the Account Holder, you will no longer have access to your own profile information, and Profiles associated with your Account will also be terminated. You also understand that if you ask to terminate your Profile, you will only be terminating your Profile under the specific Account Holder you made the request under, and any other Profiles you have under different Account Holders will remain in effect unless terminated. When a Profile is terminated, all local data associated with the Profile on the device will be deleted, but if we are required to keep your Personal Information or Health Information for legal reasons, we will only keep that information stored [archived] in secure cloud servers that are located in the geographic region of the Account Holder for as long as we are required to maintain it.

How Is Your Information Protected?

You use the Services and the App at your own risk. We implement commercially reasonable technical, administrative, and organizational measures to protect Personal and Health Information both online and offline from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. However, no Internet or email transmission is ever fully secure or error free. In particular, email sent to or from us may not be secure. Therefore, you should take special care in deciding what information you send to us via the Services, the App, or email. Please keep this in mind when disclosing any Personal or Health Information to LumiraDx via the Internet. In addition, we are not responsible for circumvention of any privacy settings or security measures contained on the Services, the App, or third-party websites. You should report any security violations or breaches to us by contacting us at privacy@lumiradx.com.

Where Will Your Information Be Maintained?

The MyAmira App is operated and managed on servers located and operated within the United States. Account Holders’ and Profile holders’ Personal Information will be stored on servers located in geographically-specific locations determined by the Account Holder’s device location or address

How Will You Know If This Policy Changes?

We may change this Privacy Policy from time to time in the future. We will post any revised version of the Privacy Policy on this page and at other places we deem appropriate. Continued use of our Services and the App will indicate your acknowledgement of such changes and agreement to be bound by the terms and conditions of such changes.

How Can I Contact You If I Have Questions?

If you have any questions, concerns, complaints or suggestions regarding our Privacy Policy or otherwise need to contact us, please email us at privacy@lumiradx.com.