PHDX mPRO^sm PRIVACY POLICY

Revised December 2012

This PhDx Privacy Policy (the “Privacy Policy”) is incorporated into and is a part of the PHDX TERMS AND CONDITIONS OF USE. Please read the PhDx Terms and Conditions of Use in addition to this Privacy Policy.

PhDx Systems, Inc., and PhDx® mPRO^sm offer a variety of websites (including mprospine.com), mobile applications, health outcomes calculators, select promotional offers and other services and applications (collectively, the "Services") related to spine health.

In this Privacy Policy, PhDx Systems, Inc. is referred to as “PhDx,” “we,” “us,” or “our.” A person that accesses and uses the Services is referred to as “you” or a “user.”

General Scope

We recognize that in deciding whether or not to provide information to us by accessing and using the Services, you want to understand how we may use or disclose your information. This Privacy Policy describes what information is collected by us in connection with your use of the Services and how we use and disclose that information.

This Privacy Policy applies to personal information (including health information) and location information (as both terms are defined below) that you voluntarily disclose to PhDx or that is obtained by PhDx in the course of providing the Services to you.

Your Consent to the uses and disclosures of your information as described in the Privacy Policy

By accessing and using the Services and disclosing personal information and location information to us in connection with your use of the Services, you consent and agree that we may collect, retain, use, and disclose personal information and location information about you as described in this Privacy Policy. If you do not agree to the collection, retention, uses, and disclosures of your information as described in this Privacy Policy, you should not use the Services.

Information We Collect and How We Use It

In order for you to gain access to and use the Services, you may be required to provide to us the following types of information:

Personal Information

When you sign up for Services and as you continue to access and use the Services, we will ask you to voluntarily provide personal information to us. Personal information is any information that identifies you personally, either alone or in combination with other information available to us.

Personal information may include, but is not limited to:

• Demographic information, such as your name, email address, date of birth, and account password;
• The phone number or other identifying number assigned to your mobile device along with other pertinent information concerning the device, including the name of the applicable wireless carrier/provider;
• Information concerning your health and physical characteristics; and
• Any User Content, as defined in the PhDx Terms and Conditions of Use.

Location Information

Some Services, including PhDx mobile applications, require you to disclose location information. Location information includes, but is not limited to, any information we derive in order to identify your geographic position. This information may be collected from your wireless carrier, certain third party service providers, or directly from your browser or mobile device. The collection and tracking of your location information may occur even when your browser or mobile application is not actively open and running. Your location information however is only displayed and shared in accordance with your established privacy settings on your browser or mobile device.

We may combine your personal information and your location information with information from other Services or third parties in order to provide you with an enhanced experience or to improve the overall quality of the Services.

Cookies

When you visit PhDx.com, we send one or more cookies (small text files) that contain a string of characters to your computer that uniquely identify your browser. Cookies do not identify you personally, but these identification fields are linked with other information that could personally identify you. More importantly, cookies permit us to offer you more personalized Services and a better online experience. In addition, we use cookies to improve the quality of the Services by storing your preferences and tracking User trends, such as how people search. Most browsers are initially set up to accept cookies, but you can reset your browser to reject all cookies or to provide an alert when a cookie is being sent. Some PhDx features and Services, however, may not function properly if you disable cookies.

Log File Information

When you access or use PhDx.com or the Services, our servers automatically record information from your computer or mobile device and web browser. These server logs may include, but are not limited to, information such as your web requests, internet protocol address, browser type, browser language, the date and time of your request, referring/exit pages and URLs, platform type, number of clicks, domain names, landing pages, pages viewed and the order of those pages, cookies that may uniquely identify your browser, and elements employed in the PhDx mobile applications.

User Communications

When you send an email or other communication to PhDx, we may retain those communications in order to process your inquiry, respond to your request, and improve the Services.

Links

PhDx may present links in a format that enables us to keep track of whether these links have been followed. We use this information to improve the quality of our search technology, customized content, and advertising.

Other Sites

This Privacy Policy applies to the websites and the Services that are owned and operated by PhDx. We do not exercise control over the sites displayed as search results or links from with our various Services. These other sites may place their own cookies or other files on your computer, collect data, or solicit personal information from you.

Use & Disclosure of Personal Information and Location Information

In General

PhDx only collects, retains, uses, and discloses personal information and location information for the purposes of the development and operation of the Services and as described in this Privacy Policy and any specific privacy notices set forth for select Services. In addition to the uses and disclosures described above, other uses and disclosures include:

• Operating, maintaining, and providing Users all of the features of the Services, including the display of customized content and advertising;
• Providing the basic functionality of PhDx mobile applications;
• Establishing contact with Users to deliver special offers, promotions or other information;
• Auditing, research and analysis in order to maintain, protect, and enhance the Services;
• Ensuring the functionality and usability of PhDx.com and the Services;
• Installing and monitoring elements for security, credit and fraud prevention purposes;
• Creating User profiles that permit us to better understand what information a given User might like to receive from us;
• Providing Users with information and notices related PhDx;
• Inviting Users to participate in surveys conducted by PhDx or its customers or affiliates; and
• Improving our marketing and promotional efforts.

PhDx processes personal information related to our Services in the United States of America.

Health Related Information

Some of the Services collect and process information related to your health. We use this health information in providing the Services to you. In addition, we retain, use and disclose your health information in combination with the health information of other Users and health information obtained from other sources for research purposes.

In certain circumstances, Federal and state laws, including the HIPAA Regulations, impose duties and obligations with respect to the use and disclosure of health information. Because PhDx is not, in connection with the provision of the Services, subject to the HIPAA Regulations, the privacy and security requirements of the HIPAA Regulations do not apply with respect to health information and other personal information disclosed to us in connection with your use of the Services. To the extent the HIPAA Regulations or any other Federal or state law may apply with respect to health information and other personal information disclosed to us in connection with your use of the Services, you consent and agree to the collection, retention, and the uses and disclosures of such information as described in this Privacy Policy.

PhDx will retain, use and disclose health information and other personal information disclosed to us in connection with your use of the Services as follows:

• To provide the Services to you; and,
• For research purposes, including but not limited to Related Research Studies as provided below;
• As required by law.

PhDx provides research services to third parties, including health care providers and medical device manufacturers (Third Party Research Services”). Some Users may be participants in one or more current or future research studies for which PhDx provides Third Party Research Services (a “Related Research Study”). If you are a participant in a Related Research Study, health information and other personal information collected from you as a result of your use of the Services may be linked to and combined with health information and other personal information processed by PhDx as a part of Third Party Research Services and utilized in the Related Research Study. When included with health information and other personal information processed by PhDx in connection with a Related Research Study, the combined information, including health information and other personal information obtained by PhDx as a result of your use of the Services, will be used and disclosed in connection with the Related Research Study as permitted under the protocols and documents governing the Related Research Study. That may include disclosure of your health information and other personal information to researchers and sponsors involved in the Related Research Study and for other research purposes.

Choices for Personal Information

When you sign up for a Service, you will be asked to provide personal information that we will collect, retain, use and disclose as described in this Privacy Policy. If we intend to use or disclose this information in a different manner, then we will ask you for your consent prior to such use or disclosure. If we propose to use or disclose personal information for any purposes other than those described in this Privacy Policy, we will offer you an effective way to opt out of such use or disclosure of personal information for such identified other purposes. In addition, you may decline to submit personal information to any of the Services; consequently, however, PhDx may not be able to provide the Services to you.

Service Providers

PhDx may share personal information collected with companies and organizations that perform certain support of business related services for use, including, but not limited to data storage, web hosting and payment processing.

Additional Disclosure of Personal Information

PhDx only discloses your personal information with others outside of PhDx in the following limited circumstances:

• The disclosure is consistent with this Privacy Policy;
• The disclosure is to trusted businesses or persons for the purpose of processing personal information on our behalf. We require that these parties agree to process such information based on our instructions and in compliance with this Privacy Policy; or
• We have a good faith belief that disclosure of such information is reasonably necessary to (a) satisfy any applicable law, regulation, legal process or enforceable governmental request; (b) enforce our Terms and Conditions of Use, including investigation of potential violations thereof; (c) investigate and defend ourselves against third-party claims or allegations; (d) detect, prevent, or otherwise address fraud; (e) protect and safeguard the integrity and security of the Services; (f) resolve any technical issues; or, (g) protect against imminent harm to the rights, property or safety of PhDx, its Users or the public as required or permitted by law.

Business Transfers and Sharing of Personal Information

Personal information submitted to PhDx will become part of our normal records. If we become involved in a merger, acquisition, or any form of sale of any or all our assets, we will provide notice before your personal information is transferred and becomes subject to a less restrictive privacy policy. In the negotiation of any potential merger, acquisition, or sale of PhDx, we may share with third parties certain aggregated, non-personal information. Such information does not identify you individually. In the unlikely event of our bankruptcy, insolvency, reorganization, receivership, or assignment for the benefit of creditors, or the application of laws or equitable principles affecting creditors’ rights generally, we may not be able to control how your personal information is treated, transferred, or used.

Please contact us mprospine.com/contact for any additional questions about our collection, retention, use or disclosure of personal data.

Information Security

PhDx takes appropriate security measures to protect against unauthorized access to or unauthorized alteration, use, disclosure or destruction of your information. These measures include internal reviews of our data collection, storage and processing practices and security measures, as well as physical security measures to guard against unauthorized access to systems where User data is collected, stored, and/or maintained. PhDx, however, cannot warrant or ensure the security of any information that we receive on behalf of Users in order to permit them to access the Services or any information that a User discloses to us. We also cannot guarantee that any such information will not be accessed, used, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards. We restrict access to personal information to PhDx employees, contractors, and agents who need to know that information in order to operate, develop, or improve PhDx.com or the Services. These individuals are bound by confidentiality obligations and may be subject to discipline, including termination and criminal prosecution, if they fail to meet these obligations.

Data Integrity

We take reasonable steps to ensure that in processing your personal information we maintain the accuracy and completeness of information that your have disclosed to us. You are responsible for the accuracy of any information you provide to us.

Third Party Advertisers and Ad-Serving Companies

Advertisements that appear on PhDx or in connection with the Services are sometimes delivered (or “served”) directly to Users by third-party advertisers or ad network companies. These companies may automatically receive a User’s IP address or other information about his or her mobile device or personal computer when serving advertisements. These third parties may also download cookies to a User’s computer, or use other technologies such as JavaScript and “web-beacons” (also known as (“1x1 gifs”) to measure the effectiveness of the advertisements served and to personalize advertising content. Doing this allows the advertiser or ad network to recognize a User’s computer or mobile device each time he or she sends a User an advertisement in order to measure the effectiveness of the ad and to personalize advertising content. These companies may compile information about the sites or services visited when seeing advertisements and determine which advertisements are clicked. PhDx does not access or have control of the cookies that may be placed by third-party advertisers or ad networks. Likewise, third party advertisers and ad networks do not have access to a User’s personal information stored with us unless you choose to share it with them. This Privacy Policy does not cover the use of tracking technologies or personal data by any such third-party advertisers or ad networks.

Privacy of Children

Neither PhDx nor the Services is directed at or targeted to children under the age of 13. For that reason, we do not employ our websites or Services to knowingly solicit personal information or location information from children under the age of 13. IF YOU ARE UNDER THE AGE OF 13 YEARS OF AGE, THEN PLEASE DO NOT USE OR ACCESS THE SERVICES AT ANY TIME OR IN ANY MANNER. If we learn that someone under the age of 13 has provided personal information or location information, we will use reasonable efforts to remove such information from our records. If you are a parent or guardian and discover that your child under the age of 13 has obtained a PhDx User account, then you may contact us, and request that we delete that child’s personal information and location information from our systems.

Internet Security

When a User logs into a PhDx websites, we require that a secure connection between a User’s computer and our server be established. We use technology called Secure Socket Layers (SSL), an encryption technology that works with most browsers. A secure connection is maintained until you leave the secure area of one of our websites. Although we use SSL encryption to safeguard the confidentiality of personal information as it travels via the Internet, ironclad security does not exist on the Internet, and accordingly, we cannot guarantee the safety of the transmission of any personal information over the internet.

Changes to our Privacy Policy

Our Privacy Policy may change at any time and without prior notice. Any revised version(s) of this Privacy Policy will be promptly posted on our websites. Each version of this Privacy Policy will be identified at the top of the page by its effective date. We will keep prior versions of our Privacy Policy in an archive for review by Users.

Your continued use of the Services constitutes your agreement to this Policy and any future revisions.

If you have any additional questions or concerns about this Policy, please feel free to Contact Us any time mprospine.com/contact.