INFORMATION ON PERSONAL DATA PROCESSING (PURSUANT ALSO TO THE LEGISLATIVE DECREE 196/2003, ITALY) AMICOMED INC. (herewith defined as “AMICOMED”), provides herewith information on the processing of personal data of “AMICOMED” services’ Customers: (i) that are provided directly by Customer to AMICOMED or its representatives when subscribing the contract(s) to activate “AMICOMED” service(s) or later during said service(s) fruition; (ii) that are acquired by AMICOMED while providing the service(s) requested by Customer and that are needed to provide such service(s). AMICOMED is processing personal data with the appropriate measures to protect Customer privacy, in full compliance to applicable norms on personal data processing in Switzerland and Italy. Data controller Data controller is AMICOMED INC., 2100 Geng Road, Suite 210, Palo Alto 94303, Delaware, 6215374 acting through its respective pro tempore legal representative. It is stated that at present the data controller is not registered to the Privacy Shield operating between the United States and the European Union. Processing purposes and approach Personal data will be transferred to the holder in the United States of America, subject to this consent, for the underlying purpose and will processon paper form or via electronic or automated means for the time strictly required to achieve the purposes for which said data has been collected. Personal data processed by data controller are (i) personal data and other customer specific data (such as name, surname, email address, postal address, fixed or mobile telephone number), (ii) potentially data related to payment method used to purchase service and also (iii) sensitive data, concerning Customer’s health, (such as: blood pressure and pulse rate measurements, customer anamnesis, data on regular drug usage) needed by AMICOMED to provide the service. There are also other sensitive data that AMICOMED could get to know, only by chance and by involuntary association with others; for sensitive data we mean, in addition to data pertaining to health status, also data apt to reveal racial or ethnic origin, religious, philosophical or other convictions, political opinions, association to political parties, trade unions, associations or organizations with religious, philosophical, political or union purposes, and data apt to reveal sexual propensity and activity. To process sensitive data, AMICOMED applies additional cautionary provisions as foreseen by applicable norms and requests specific consent to Customer. Customer personal data as of items (i) e (ii) are processed for the following purposes: a) completion, execution and management of the contract completed with the Customer, and Service provision, including potentially billing and compliance to accounting and tax obligations, sending technical service communications, managing complaints or disputes if any; b) compliance to legal and regulatory obligations in all countries involved; c) market research through email, operator calls, paper mail, aimed at optimizing Service or developing new services by AMICOMED or its representatives, provided Customer consents; d) sending information and other advertising material related to AMICOMED services, via email and/or paper mail, provided Customer consents; e) contact Customer telephonically (call through operator or IVR), email and/or paper mail, to propose provision of Service or other services connected to Service or anyway provided by AMICOMED, provided Customer consents; f) for statistical purposes and clinical epidemiological analyses (it’s stipulated that said data will be anonymized and processed in anonymous forms in all cases required by applicable laws and norms) to improve people health through scientific research on hypertension and in general blood pressure management, provided Customer consents. Provision of data referred to at items (i) e (ii) for the purposes at letters a) e b) is required for the there listed purposes: Customer consent is not required to process data for these purposes. Refusing data provision will prevent AMICOMED from executing the active contracts as well as the provision of services requested. Provision of data referred to at items (i) e (ii) is optional for the purposes listed under letters c), d), e) and f) and Customer is free to give or refuse his or her consent. Refusing to provide data or related consent (that is fully under Customer’s discretion) will prevent AMICOMED from using such data for the purposes listed under letters c), d), e) and f). In such case, contract execution and service provision will not be affected. Consent to the transfer of data to the United States of America is also necessary for the service. Customer personal data and health-related sensitive data as of item (iii) are processed for the following purposes: g) completion, execution and management of the contract completed with the Customer, and Service provision, including potentially billing and compliance to accounting and tax obligations, sending technical service communications, managing complaints or disputes if any; h) compliance to legal and regulatory obligations in all countries involved; i) for statistical purposes and clinical epidemiological analyses (it is stipulated that said data will be anonymized and processed in anonymous forms in all cases required by applicable laws and norms) to improve people health through scientific research on hypertension and in general blood pressure management, provided Customer consents. Provision of data referred to at item (iii), i.e. sensitive health-related data, is required for the purposes at letters g) e h). In any event, consent to process such data is requested. Refusing to provide data or related consent for such purposes will prevent AMICOMED from executing the active contracts as well as the provision of services requested. Provision of data referred to at item (iii) is optional for the purposes listed under letter i) and Customer is free to give or refuse his or her consent. Refusing to provide data or related consent (that is fully under Customer’s discretion) will prevent AMICOMED from using such data for the purposes listed under letter i). In such case, contract execution and service provision to will not be affected. Sharing of personal data and subjects entitled to processing For contractual purposes and to manage services provided to Customer, as well as to abide to applicable laws and norms (purposes listed at letters a) e b)), AMICOMED could share personal data listed under points (i) and (ii) in the previous section (titled “Processing purposes and approach”) to its own advisors on legal, accounting or other matters, to its bank or payment service processor, or to companies or other third parties which would have a contractual relationship with AMICOMED to manage services provided to Customer (call center that collect service activations or otherwise handle customer calls, physicians within or supporting the Medical Center to provide the Service, telecom or cloud service companies that enables service management or provision even electronically, its subsidiaries potentially charged of the management of the technological platforms and provision of some service component). Those subjects will act as personal data autonomous controllers or data processors and will have access solely to the data required to satisfy its own obligations towards AMICOMED. AMICOMED employees and consultants as data processors could also process those data. For the purposes listed under letters c), d) and e) in the previous section (titled “Processing purposes and approach”), AMICOMED could share personal data listed under point (i) to advertising or direct marketing companies or companies that would propose “AMICOMED” services to Customer. Those subjects will act as personal data autonomous controllers or data processors and will have access solely to the data required to satisfy its own obligations towards AMICOMED and only for AMICOMED’s promotional activities and not for themselves or for third parties. AMICOMED employees and consultants as data processors could also process those data. For the purpose listed under letter f) in the previous section (titled “Processing purposes and approach”), AMICOMED could share personal data listed under point (i) to companies focused on statistical or epidemiological analyses which will act as personal data autonomous controllers or data processors and will have access solely to the data required to satisfy its own obligations towards AMICOMED. AMICOMED employees and consultants as data processors could also process those data. For contractual purposes and to manage services provided to Customer, as well as to abide to laws and domestic and EU norms (purposes listed at letters g) e h)), AMICOMED could share personal and health-related sensitive data listed under point (iii) in the previous section (titled “Processing purposes and approach”) to physicians that will act as data processors. Whenever AMICOMED Service activation should happen telephonically, data related to pre-existing cardiovascular conditions or drugs regularly taken will be asked by the operator to complete the activation of the contractual relationship with AMICOMED and to allow service provision. Data under point (iii) could also be potentially treated in case of dispute or complaint by legal or medical advisors. All so-listed subjects will act as data processors and will have access solely to the data required to satisfy its own obligations towards AMICOMED. AMICOMED employees and consultants as data processors could also process those data. A full list data processors is anyway available at AMICOMED’s legal headquarters and can be requested by email at info@amicomed.com. For the purpose listed under letter i) in the previous section (titled “Processing purposes and approach”), AMICOMED could share personal and health-related data listed under point (iii) to companies focused on statistical or epidemiological analyses which will act as personal data autonomous controllers or data processors and will have access solely to the data required to satisfy its own obligations towards AMICOMED. AMICOMED employees and consultants as data processors could also process those data. Whenever service subscribed by Customer includes the “Caregiver” function, all data listed in this note, sensitive or not (items (i) and (iii)), could be made accessible to the “caregiver(s)”, i.e., the person(s) that Customer indicates in order to enable him or her to access data, that will act s autonomous data controller, completely independently on AMICOMED. Analogously, the Customer, in providing “caregiver” data will act as autonomous data controller for “caregiver” data. To enable caregiver to access his/her own data, Customer has to express an explicit consent. Should the Customer refuse such consent, AMICOMED will be unable to provide the service to allow caregiver data access. Location of processing Personal and health-related sensitive data will be processed and stored pursuant to applicable laws and norms and on cloud servers located inside the UE (or Switzerland, whose legal framework has been reputed suitable by the European Commission and Italian Garante della Privacy). Right of Access to personal data and other rights Pursuant also to art. 7 of Legislative Decree 196/2003 and the UE normative, the Customer has the right to get confirmation of the existence or not of personal data related to him/her, even if not yet recorded, and its communication in intelligible form. The interested party has the right to know: a) the origin of personal data; b) purposes and approach for data processing; c) the logic applied in the event of electronic data processing; d) the names of the data controller and data processors; e) the subjects or categories of subjects that personal data could be shared with or that could get to know personal data as designated representatives in the Country, of controller or processes. The interested party has the right to obtain: a) the update, the correction or, when interested, the integration of such data; b) the cancellation, anonymization or blocking of data processed under violation of the law, including those for which conservation is not needed in connection to the purposes for which data has been collected or subsequently processes; c) the declaration that operations under letters a) and b) have been communicated, including its own content, to whomever data have been shared to, except in the event when compliance is impossible or involves usage of means clearly not proportional to the protected right. The interested party has the right to oppose, completely or in part: a) for legitimate reasons to his/her own personal data processing even when pertinent to collection purposes; b) to personal data processing for the purpose to send advertising material or direct sales or for market research or commercial communication. In the latter case, it’s clarified that the right of opposition to the processing of his/her own personal data for such purposes, realized through automated contact methods (email), is also extended to the other contact methods (operator calls or paper mail). Any such requests could be sent to the data controller address, or, by email, to the following email address: support@amicomed.com Changes Given the continuous evolution of technology and legal frameworks, we may revise this information from time to time – the most current version will always be available on our website. If a revision meaningfully changes your rights, we will visibly notify you and/or send an email notifying you with the changes to the email address on record for the Customer. We commit not to reduce the protections and rights of Customers listed in the present document without their consent.

I hereby consent to have my personal data processed