CCPA Notice Last Amended: December 11, 2023

applicability: Pursuant with the California Consumer Privacy Act of 2018 as amended and revised by the California Privacy Rights Act of 2020 (collectively “CCPA”), and any other California privacy laws, this CCPA Notice applies to USARAD Holdings Inc.’s and its affiliates’ (collectively, the “Company”) Patients and Healthcare Professionals using the Company’s Platform and who are California residents (“consumers” or “you”). This CCPA Notice is an integral part of the Company’s Privacy Policy (“Privacy Policy”), and thus, definitions used herein but not defined herein or under the CCPA shall have the same meaning as defined in the Privacy Policy.

Unless stated otherwise under the Company’s additional privacy policies, this CCPA Notice applies to consumers Personal Information (as defined below), including employees’ and business-to-business Personal Information.

PART I: A COMPREHENSIVE DESCRIPTION OF THE INFORMATION PRACTICES:

A. CATEGORIES of PERSONAL information THE COMPANY COLLECTS

The Company collects Personal Information which is defined under the CCPA as any information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household or device, all as detailed in the table below.

Personal Information further includes Sensitive Personal Information (“SPI”) as detailed in the table below.

Personal Information does not include: Publicly available information that is lawfully made available from government records, that a consumer has otherwise made available to the public; de-identified or aggregated consumer information; information excluded from the CCPA’s scope, such as: health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPPA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data; Personal Information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA) and the Driver’s Privacy Protection Act of 1994.

The Company has collected the following categories of personal information within the last twelve (12) months:

Category	Example	Collected
A. Identifiers.	A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers.	Yes: Online identifiers, Internet protocol address, unique identifiers, real name and email address. Healthcare Professionals’ information will also include their board certification and ancillary data.
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).	A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories.	Yes: name, signature, address, telephone number, credit card or debit card number and insurance policy number. Healthcare Professionals’ data would also include information obtained through their CV – such as education, employment and employment history.
C. Protected classification characteristics under California or federal law.	Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).	Yes: gender.
D. Commercial information.	Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.	No
E. Biometric information.	Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.	No
F. Internet or other similar network activity.	Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.	No
G. Geolocation data.	Physical location, approximate location derived from IP address or movements.	Yes: approximate location derived from IP address.
H. Sensory data.	Audio, electronic, visual, thermal, olfactory, or similar information.	Yes: audio and visual remote interaction between the Patients and the applicable Healthcare Professionals.
I. Professional or employment-related information.	Current or past job history or performance evaluations.	No
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).	Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.	No
K. Inferences drawn from other personal information.	Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.	No
L. Sensitive personal information.	Government-issued identifying numbers, financial account details, genetic data, precise geolocation, race or ethnicity, religious or philosophical beliefs, union membership, mail, email, text messages, biometric data, health data, and sexual orientation or sex life.	Yes: The Healthcare Professionals’ governmental license and permits.

B. Categories of Sources of Personal Information

Information you provide us directly – for example, when you register and create an Account or correspond with us.
Information received from third parties – for example, if you authorize us to contact your healthcare clinic in order to receive certain records as required for the Services.
Information received automatically – the Company will collect your online identifiers and Internet or other similar network activity as provided under category F under the table below automatically through the Company’s use of first or third-party tools.

C. USE OF PERSONAL INFORMATION

The Company may use the Personal Information collected as identified above, for the following purposes:

To fulfill or meet the reason you provided the Personal Information (create your Account, provide support, respond to a query, etc.);
Provide the Services;
Monitor and improve the Services;
Respond to law enforcement; or otherwise as detailed in the Company’s Privacy Policy.

The Company will not collect additional categories of Personal Information or use the Personal Information the Company collected for materially different, unrelated, or incompatible purposes without providing you notice.

D. DISCLOSURES OF PERSONAL INFORMATION FOR A BUSINESS PURPOSE

The Company may disclose your Personal Information to a contractor or service provider for a Business Purpose. When we do so, the Company enters into a contract that describes the purpose and requires the recipient to both keep that Personal Information confidential and not use it for any purpose except for performing the contract. The Company further restrict the contractor and service provider from selling or sharing your Personal Information.

In the preceding twelve (12) months, the Company has disclosed the following categories of Personal Information for a Business Purpose:

Business Purpose (as defined under CCPA)	Category (corresponding with the table above)	Category of Recipient
Helping to ensure security and integrity to the extent the use of your Personal Information is reasonably necessary and proportionate for these purposes.	Category A Category G	Affiliated companies, operational partner, security and fraud prevention providers, operating systems.
Debugging to identify and repair errors that impair existing intended functionality.	Category A Category G	Analytic providers, operational partner, security and fraud prevention providers, operating systems.
Short-term, transient use, provided the personal information that is not disclosed to another third party and is not used to build a profile about a consumer or otherwise alter an individual consumer’s experience outside the current interaction, including, but not limited to, the contextual customization of ads shown as part of the same interaction.	Category A Category G	Data analytics providers; social media networks.
Performing services on behalf of the Company or service provider, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing advertising or marketing services, providing analytic services, or providing similar services on behalf of the Company or service provider.	Category A Category B Category C Category G Category H Category L	Payment processors, affiliated companies, operating systems, CRM, Healthcare Professionals, customer support, cloud computing and storage vendors, etc.
Undertaking internal research for technological development and demonstration.	Category A Category B Category C Category G Category H	Developers, operating systems, cloud and hosting providers, SaaS platforms for task management and development, customer support and optimization tools.
Undertaking activities to verify or maintain the quality or safety of a service or device that is owned, or controlled by the Company, and to improve, upgrade, or enhance the service or device that is owned or controlled by the Company.	Category A	Developers, operating systems, cloud and hosting providers, SaaS platforms for task management and development, customer support and optimization tools.
Advancing the Company’s commercial or economic interests, such as by inducing another person to buy, rent, lease, join, subscribe to, provide, or exchange products, goods, property, information, or services, or enabling or effecting, directly or indirectly, a commercial transaction.	Category A Category B Category C	affiliates; operating systems and platforms and data analytics providers.

E. SALE OR SHARE OF PERSONAL INFORMATION

In the preceding twelve (12) months, the Company did not “sell” or “share” your Personal Information, as such terms are defined under the CCPA. Meaning, the Company did not share you Personal Information with third-parties for cross-contextual behavioral advertising, nor it disclosed your Personal Information for monetary or other valuable consideration.

F. CHILDREN UNDER AGE 16

Our Services are not intended for use by children and the Company does not knowingly collect or maintain information about anyone under the age of 18. please contact us at: dpo@nanox.vision if you have reason to believe that a child has shared any information with us.

G. DATA RETENTION

In general, the Company retains the Personal Information it collects for as long as it remains necessary for the purposes set forth above, all under the applicable regulation, or until you express your preference to opt out, where applicable.

The retention periods are determined according to the criteria describe under the Privacy policy.

PART II: EXPLANATION OF YOUR RIGHTS UNDER THE CCPA and how to exercise them

H. YOUR RIGHTS UNDER THE CCPA

If you are a California resident, you may exercise certain privacy rights related to and as applicable to your Personal Information. You may exercise these rights free of charge except as otherwise permitted under applicable law, all as described herein and the Data Subject Request form (“DSR“) available here.

California Privacy Right	Details
The right to know what Personal Information the Company has collected.	The right to know what Personal Information the Company has collected about the consumer, including the categories of personal information, the categories of sources from which the Personal Information is collected, the Company or commercial purpose for collecting, selling, or sharing Personal Information, the categories of third parties to whom the Company discloses Personal Information, and the specific pieces of Personal Information the Company has collected about the consumer.
Deletion Rights.	The right to delete Personal Information that the Company has collected from the consumer, subject to certain exceptions.
Correct Inaccurate Information	The right to correct inaccurate Personal Information that the Company maintains about a consumer
Opt-Out of Sharing for Cross-Contextual Behavioral Advertising	If and to the extent applicable, you have the right to opt-out of the “sharing” of your personal information for “cross-contextual behavioral advertising,” often referred to as “interest-based advertising” or “targeted advertising.”
Opt-out from selling	The right to opt-out of the sale or sharing of Personal Information by the Company.
Limit the Use or Disclosure of SPI	Under certain circumstances, if the Company uses or discloses SPI, the right to limit the use or disclosure of SPI by the Company.
Opt-Out of the Use of Automated Decision Making	In certain circumstances, you have the right to opt-out of the use of automated decision making in relation to your Personal Information.
Non-Discrimination	The right not to receive discriminatory treatment by the Company for the exercise of privacy rights conferred by the CCPA, including the right not to be retaliated, denying a consumer services, charging different prices or rates for services, providing you a different level or quality of services, etc. The Company may, however, charge different prices or rates, or provide a different level or quality of services, if that difference is reasonably related to the value provided to us by your Personal Information.
Data Portability	You may request to receive a copy of your Personal Information, including specific pieces of Personal Information, including, where applicable, to obtain a copy of the Personal Information you provided to us in a portable format.

To learn more about your California privacy rights, please visit https://oag.ca.gov/privacy/privacy-laws.

I. HOW CAN YOU EXERCISE THE RIGHTS?

You may exercise your rights through the DSR available here. The instructions for submitting, the general description of the process, verification requirements, when applicable, including any information the consumer must provide are all detailed in the DSR.

Note, certain rights can be done by you independently without using the DSR. For example, depending on your interaction with us:

you can opt-out from receiving emails from us by clicking the “unsubscribe” link within the email; and
you can delete and correct any information available in your Account, through your Account settings.

J. AUTHORIZED AGENTS

“Authorized agents” may submit opt out requests on a consumer’s behalf. If you have elected to use an authorized agent, or if you are an authorized agent who would like to submit requests on behalf of a consumer, the following procedures will be required prior to acceptance of any requests by an authorized agent on behalf of a California consumer. Usually, the Company will accept requests from qualified third parties on behalf of other consumers, regardless of either the consumer or the authorized agent’s state of residence, provided that the third party successfully completes the following qualification procedures:

When a consumer uses an authorized agent to submit a request to know or a request to delete, the Company may require that the consumer do the following:

Provide the authorized agent signed permission to do so or power of attorney.
Verify their identity directly with the Company.
Directly confirm with the Company that they provided the authorized agent permission to submit the request.

The Company may deny a request from an authorized agent that does not submit proof that they have been authorized by the consumer to act on their behalf.

K. NOTICE OF FINANCIAL INCENTIVE

The Company do not offer financial incentives to consumers for providing Personal Information.

CONTACT US:

By email: dpo@nanox.vision

By mail: Nano-X Imaging Ltd., Communication Center Neve-Ilan 9085000, Israel.

UPDATES:

This CCPA notice was last updated on November XX, 2023. As required under the CCPA, the Company will update the CCPA Notice every 12 months. The last revision date will be reflected in the “Last Amended” heading at the top of this CCPA Notice.

PART III: OTHER CALIFORNIA OBLIGATIONS

Do Not Track Settings: Cal. Bus. And Prof. Code Section 22575 also requires us to notify you how the Company deals with the “Do Not Track” settings in your browser. As of the effective date listed above, there is no commonly accepted response for Do Not Track signals initiated by browsers. Therefore, the Company do not respond to the Do Not Track settings. Do Not Track is a privacy preference you can set in your web browser to indicate that you do not want certain information about your web page visits tracked and collected across websites. For more details, including how to turn on Do Not Track, visit: www.donottrack.us.

California’s “Shine the Light” law (Civil Code Section § 1798.83): permits employees that are California residents to request certain information regarding the Company’s disclosure of Personal Information to third parties for their direct marketing purposes. To make such a request, please send us the DSR available here.