Last Updated: February 7th, 2025
NOX MEDICAL, LLC. SOMRYST PATIENT-FACING MOBILE APPLICATION PRIVACY NOTICE
THIS PRIVACY NOTICE DESCRIBES HOW INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN EXERCISE YOUR DATA RIGHTS. PLEASE REVIEW IT CAREFULLY.
Through its Somryst mobile application (“App”) for Patients (“Patient”, “you” or “user”), Nox Medical LLC, and its affiliates (“Nox”, “we” or “us”) provides digital prescription therapies designed to improve Patient outcomes. These prescription therapies include data collection, storage, analysis and reporting tools, functions and related services, which are collectively referred to in this Privacy Notice as the “Service.” We also operate one or more websites for Clinicians and Clinical Partners (each, a “Site”) through which Clinicians and Clinical Partners view Patient information and monitor Patient use of the App and the Service. This Privacy Notice covers how Nox collects, receives, uses, retains, and discloses personal data. When used in this Notice, “personal data” means any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with an individual (“data subject”), and includes “personal data” or “personal information” as defined in applicable data protection laws. Data that cannot be associated with you, such as aggregated, de-identified, or anonymized information (“Anonymous Information”), is not personal data. Nox commits to keep Anonymous Information in its de-identified state, and will make no efforts to re-identify such data.
Clinical Partners are hospitals, clinics, practices or other medical groups or health care systems that have contracted with Nox to permit use of the Service by their respective Clinicians and Patients;
Clinicians are practitioners, patient advocates, coaches or other individuals who (as employees of or contractors to a Clinical Partner) provide health care or related services to Patients;
Health Plan Sponsors are organizations, including employers, that establish and maintain a health insurance plan for their members, employees, or participants;
Pharmacy Partners are pharmacies that have contracted with Nox to facilitate the use of the Service by their respective Clinicians and Patients; and
Patients are individual patients of the Clinical Partner who receive medical treatments or other health care services from one or more Clinicians, or individuals who are properly authorized representatives of any such patient.
Clinicians, Clinical and Pharmacy Partners provide your personal data to Nox in order to register you as a user of the Service. As you use the App and the Service, the information you provide through the App and Service will be viewed by your Clinician and Clinical Partner on the Site to enable your health care team to provide therapy and treatment.
The App is available only to Patients who have been given the necessary password or similar credential to access the Service.
In order to receive access to and use the Service, Patients must have given their consent to a Clinical or Pharmacy Partner or Clinician to the use and disclosure of their information as described in this Privacy Notice. Users must also provide their consent to Nox, as described below.
By using the App or the Service, and/or by providing personal data to Nox, you accept and hereby expressly consent to our collection, use, retention, and disclosure of your Personal Data in accordance with the terms of this Privacy Notice. If you choose not to provide the requested information, you will not be able to access the Service.
Nox is required to abide by the terms of this Privacy Notice currently in effect. However, this Notice may change from time to time, so please check back periodically to review the most recent modification date to ensure that you are aware of any changes in our processing of your Personal Data. Your continued use of the App or the Service after any changes signifies your express, explicit, voluntary and unambiguous consent to any such changes. If you do not agree to such changes, you must immediately stop using the App and the Service.
Patients must be registered on the App and have an active account in order to use the Service. We receive personal data about Patients from a Clinician, Clinical or Pharmacy Partner or Health Plan Sponsor in order to establish an account and for you to be able to register for and use the Service and identify you as an authorized Patient. Nox may collect personal data when Patients are registered through the Site and confirmed within the App.
When registering on the App, we collect your email address and password. We combine this information with the personal data about you that we receive from the applicable Clinician, Clinical or Pharmacy Partner or Health Plan Sponsor to create your user profile and provide you with the Service. When you use the App, we may also collect information from you relating to your treatment for and use of controlled substances. It is always your choice whether or not to provide us with such information, which we will share with the Clinician, Clinical or Pharmacy Partner.
The following table provides examples of the types of information that we collect in various contexts and how we use that information.
| Categories of Personal Data Collected | Business and Commercial uses of Personal Data | Categories of Third Parties to Whom We Disclose Personal Data | Retention of Personal Data |
| --- | --- | --- | --- |
| Identifiers: (such as name, email, address, telephone number, and other contact information) | Account registration and servicing; To communicate with you; To improve and develop new products and services; To provide our Services and operate our business | Our affiliates and subsidiaries; Clinicians; Clinical Partners; Pharmacy Partners; Third parties that assist us, such as analytics providers, providers of technical services (e.g., providers of data storage, customer support), and other subcontractors; Entities involved in dispute resolution (such as an arbitrator or an opposing party); Entities involved in potential or actual significant corporate transactions or events; Governmental entities | 10 years |
| Commercial information, including products and services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies | To improve and develop new products and services; To provide our Services and operate our business | Same as above | The duration of the relationship + 3 years |
| Financial data: (such as payment information, account or credit card information) | To provide our Services and operate our business | Same as above | 7 years |
| Internet or other network or device activity: (such as IP addresses, device identifiers, cookie data, device attributes, device usage information, browsing information and metadata) | Account registration and servicing; To communicate with you; To improve and develop new products and services; To provide our Services and operate our business | Our affiliates and subsidiaries; Third parties that assist us, such as payment processors, analytics providers, providers of technical services (e.g., providers of data storage, customer support, and CRM systems), and other subcontractors | 1 year |
| Protected Classifications and Sensitive Personal information: Health information, such as medical conditions and prescription information | Business purposes | Clinicians; Clinical Partners; Pharmacy Partners; Professional services consultants; Third parties that assist us, such as payment processors, analytics providers, providers of technical services (e.g., providers of data storage, customer support, and CRM systems), and other subcontractors | 10 years |
Nox uses Personal Data and information you provide to us through the App and the Service:
a. To provide the Service and treatment (for example, Nox may use or disclose protected health information for the purpose of allowing it, Clinician, and Clinical and Pharmacy Partners and Health Plan Sponsors to provide treatment or to contact you about reminders and treatment effectiveness and alternatives);
b. To communicate with you, for example to reset your password or to send reminders;
c. To communicate with your Clinicians, Pharmacy and Clinical Partners or Health Plan Sponsors, as applicable, to review the functionality and effectiveness of treatment including this and other prescriptions provided by Clinician;
d. For payment – we may use/disclose your information for the purpose of allowing us as well as our partners to secure payment for services provided to you;
e. For health care operations – we may compile information and Analytics about you, your use of the App and other treatments and share those with our Partners;
f. To create user profiles;
g. To create de-identified analytical information about the effectiveness of the Services and overall improvement thereof;
h. To reply to your request for information or comments.
When you use the App or the Service, we collect de-identified information relating to your browser or device type, the time and date you use the Service, operating system, identification of Site or App page views, use of particular Service features, geographic location and other statistical information relating to your use of the App or the Service but which does not identify you. This information is referred to in this Privacy Notice as “Analytics.” We use Analytics to develop, improve, extend and test the Service (and underlying technology platforms) and to market and promote Nox and the Service; and we disclose, distribute and transmit Analytics to Clinical and Pharmacy Partners and Health Plan Sponsors for their use.
A separate authorization would be required for any use and disclosures of Personal Data not described in this Privacy Notice.
You may withdraw your consent to further use of your personal data by discussing this request with your Clinician or by submitting your request via our online form. We will respond to your request in accordance with the law that applies to you. Your personal data which we processed prior to your request may not be deleted from our Site or Service system records but will be blocked from further processing without your permission. A request to withdraw consent may not apply to information collected by tracking technologies or used internally to recognize you and/or facilitate your visits to the Site, or information we may keep to comply with legal requirements. Any such requests that relate to Protected Health Information or similarly protected health information will be addressed consistent with the requirements of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rules or other applicable laws.
A Clinician may access, change, or modify your information, according to the privacy policy of that Clinical Partner. If you wish to access, amend, or modify your information in any way, please discuss this change with your Clinician.
The security of your information and data while using our App and Service is very important to us. Our App and Service employ a variety of technical safeguards to protect the confidentiality, integrity, and availability of your personal information including supporting Transport Layer Security (TLS)/Secure Sockets Layer (SSL) certificate technology and encryption.
In addition, healthcare organizations with whom you connect may use a variety of physical, administrative, and technical measures to protect your personal information.
Please see our Trust Center: https://trust.noxhealth.com/ for more information on our security practices.
Your personal data is retained for as long as it is required for the purposes mentioned above or to comply with applicable regulations (see the table in section 5 for more details).
Your personal data will be shared with your health care team, including Clinicians, Clinical and Pharmacy Partners, who will access and view such personal data through the Site. We disclose your personal data and other data to third party vendors who help us operate the Site. These third parties are contractually obligated to maintain the confidentiality of your personal data consistent with the terms of this Notice and to comply with the applicable data protection laws.
We will disclose your information in response to valid legal process, for example, in response to a court order, a subpoena or other legal request for information, and/or to comply with applicable legal and regulatory reporting requirements. We also may disclose your information in response to a law enforcement agency’s request or other request for information from the U.S. or other government entities, or where we believe it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, or to verify or enforce compliance with the policies governing our products and/or services and with applicable laws, or as otherwise required or permitted by law or consistent with legal requirements. In addition, we may, upon notice to you and/or your Clinical Partner, transfer your information to an entity or individual that acquires, buys, or merges with Nox, or our other business units.
We share Analytics with Clinicians and Clinical and Pharmacy Partners for their internal use and with other third parties to market and promote Nox and the Service.
The App may contain links to other sites that are not owned or controlled by Nox. Please be aware that we are not responsible for the privacy practices of these other sites. We encourage you to review the privacy policies and statements of other sites to understand their information practices. Our Privacy Notice applies only to information collected by our App and Services.
You may be able to obtain an App, access the Service and/or communicate with the Service from, and you may be able to link or communicate from the Service to, applications, devices, distribution platforms and websites owned and operated by Clinical or Pharmacy Partners and/or by Apple, Google or other third party distribution platform operators (“Channel Partners”). These other applications, devices, platforms and websites belong to third parties and are not operated or controlled by Nox. Our Privacy Notice does not apply to any information collected, received, used, processed, transferred or disclosed by such third parties. Additional or different terms and conditions (including without limitation, privacy and security practices) apply when you access and use third party applications, devices, platforms and websites, which are not the responsibility of Nox.
Nox is not responsible for and will not be a party to any transactions between you and a third party provider of products, information or services. Nox does not monitor such transactions or ensure the confidentiality of your Personal Data, including credit card information, for any third party transaction. Any separate charges or obligations you incur in your dealings with these third parties linked to Nox’s Site are solely your responsibility.
If you believe a child or person who is under age 18 has used the Service and entered personal health information, please contact us using one of the options provided below.
Nox stores data on servers located where personal data was initially collected. Some of our service providers have servers that are located outside of the region where your data was collected, and therefore your personal data may be transferred to and accessible from countries outside of your country of origin.
Transfers of EU personal data to the US are subject to the EU Standard Contractual Clauses pursuant to Article 46 (2) (c) GDPR. Please contact us via our contact details below to obtain a copy of the relevant standard contractual clauses.
Upon request, Nox will provide you with a copy of personal data we hold about you, correct your personal data, or delete your personal data. You may also object to processing of your personal data or opt-out of automated decision making processes.
Please note, pursuant to the law, certain personal data is exempt from the above requests. To exercise any of these rights, please use our online form, email us at privacy@noxmedical.com, or call (844) 475-3376.
We may request additional information from you, if necessary, to verify your identity or find your unique records in our systems. If you are the authorized representative making an access, correction or deletion request, we must take steps to verify your authority. This will require you to provide written proof of your authority.
We respect your right to privacy, and will not take any negative actions against you for asserting your rights.
You may also lodge a complaint with your local supervisory authority.
Nox has adopted a global approach on privacy with the intent of providing individuals with strong privacy protections regardless of where they reside. We recognize and implement high standards for privacy rights. If you have any questions or concerns regarding the privacy provisions relevant to you, or you wish to exercise any of these rights, please contact our Privacy Officer by using the contact information provided in Section 17 “Contact Information.”
Controlling Law: There are many US state-specific privacy laws with new ones coming into effect every year. Because California’s privacy protections are viewed by many to be the most comprehensive in the US, we refer US-based individuals to the California Consumer Privacy Act of 2018 (“CCPA”), and as of January 1, 2023 the California Privacy Rights Act of 2020 (“CPRA”), for personal data protection.
Our Processing of US Personal Data: We collect and have collected in the last 12 months all of the information described in Section 3 of our Privacy Statement from and about US residents. You should refer to that section for more detail, but this information generally falls into the categories listed in the chart in Section 3 to the extent it is personally identifiable. The chart also indicates the data subjects whose personal data we collect, the purposes of processing, and the categories of third parties to whom we recently disclosed the data leading up to the effective date of this Statement.
We have not sold or shared (as defined in the CCPA and other U.S. state comprehensive privacy laws) personal data covered by this Privacy Notice in the preceding 12 months. We also do not knowingly sell or share the personal data of individuals under 16 years of age.
US Privacy Rights: Under applicable US law, you have the right to:
You may designate an authorized agent to request any of the above rights on your behalf. You may make such a designation by providing the agent with a signed written document permission stating that the agent is authorized to make the request on your behalf. Your agent may contact us via the information provided above to make a request on your behalf. If you are submitting a request through an authorized agent, we may, as permitted by law, require:
Subject to applicable law, we may not discriminate against you for exercising any of the above-listed rights or any other rights under the CCPA or similar U.S. state comprehensive privacy laws, including by:
California law requires that Nox indicate whether it honors “Do Not Track” settings in your browser concerning targeted advertising. “Do Not Track” is a standard that is not currently in use by Nox. As it is not currently in use, Nox adheres to the standards set out in this Privacy Notice and does not monitor or follow any Do Not Track browser requests.
Marketing opt-out: You may opt out of marketing communications by contacting us using our online form or you may email us at privacy@noxmedical.com or call (844) 475-3376 to submit an inquiry.
Contact: Please contact us as described in Section 17 for more information or to exercise a request regarding your US privacy rights.
Supervisory Authority: If you are concerned about Nox’s compliance with US laws relating to the privacy of your personal data, you may contact your Attorney General’s Office.
List of Attorneys General: https://www.naag.org/find-my-ag/
Should you have any questions about this Privacy Notice or our privacy practices, please contact us at the appropriate address below.
Nox Medical, LLC.
Data Privacy and Security Officer
100 Kimball Place, Suite 100
Alpharetta, GA 30009
Tel. (844) 475-3376.
Fax. (678) 669-2274
You may also contact your local supervisory authority.