REX MD PRIVACY AND PERSONAL INFORMATION POLICY
Date of last revision: 9-24-19

Introduction

Rex MD, Inc. (“Rex”, “rex MD” “we”, or “us”) owns and operates the websites located at www.rexmd.com and www.rex.md and may have previously, now or in the future own and/or operate a rex MD mobile application (collectively, the "Platform"). Your access and use of the Platform, and part thereof, or anything associate therewith, including its content (“Content”), any products or services provided through the Platform or otherwise by rex MD, and any affiliated website, software or application owned or operated by rex MD (collectively, including the Platform and the Content, the “Service”) are subject to this Privacy Policy unless specifically stated otherwise. Capitalized terms not otherwise defined in this Privacy Policy have the same meaning as set forth in the rex MD Terms and Conditions (“Terms and Conditions”).

We respect the privacy of users of the Service. This privacy policy (“Privacy Policy”) toprovide transparency on how rex MD collects, uses and discloses information in order toprovide you with the Service.

As with our Terms and Conditions, by creating, registering, or logging into an account through the Service, or otherwise accessing or using the Service, you are automatically accepting and acknowledging the most recent version of this Privacy Policy. IF we makeany changes to our Privacy Policy, we will post the revised Privacy Policy and update the “Last Revised” date on our Privacy Policy.

If you are using the Service on behalf of an individual other than yourself, you represent that you are authorized by such individual to act on such individual’s behalf and that such individual acknowledges the practices and policies outlined in this Privacy Policy

• This privacy policy does not apply to the practices of companies that Rex MD does not own or control, or of persons that Rex MD does not employ or manage, including any third-party content contributors bound by contract and any third-party websites to which Rex MD websites link.

No Use by Minors Permitted

Our Service is intended for use by individuals who are at least 18 years of age or such older age as may be required by applicable state laws in the jurisdiction in which an individual utilizes the Service. The Service is not designed or intended to attract, and is not directed to, children under eighteen (18) years of age, let alone thirteen (13) years of age. If we obtain actual knowledge that we have collected personal information through the Platform from a person under thirteen (13) years of age, we will use reasonable efforts to refrain from further using such personal information or maintaining it in retrievable form.

Furthermore, if you are under eighteen (18) years of age, then you (or your parent or legal guardian) may at any time request that we remove content or information about you that is posted on the Platform. Please submit any such request (“Request for Removal of Minor Information”) to either of the following:

• By mail: Conversion Labs, Rx LLC DBA: rex MD, Attn: Privacy Officer, 800 Third Avenue, Suite 2800, New York, NY 10022, with a subject line of “Removal of Minor Information. If you send by mail, please send by U.S. Certified Mail, ReturnReceipt Requested to allow for confirmation of mailing, delivery and tracking.
• By email: [email protected], with a subject line of “Removal of Minor Information”

For each Request for Removal of Minor Information, please state “Removal of Minor Information” in the email or letter subject line, and clearly state the following in the body of the request:

• The nature of your request
• The identity of the content or information to be removed
• The locations of the content or information on the Platform (e.g.) by providing the URL)
• That the request is related to the “Removal of Minor Information”
• Your name, street address, city, state, zip code and email address and whether you prefer to receive a response to your request by mail or email.

We will not accept any Request for Removal of Minor Information via telephone or facsimile. Rex MD is not responsible for failing to comply with any Request for Removal of Minor Information that is incomplete, incorrectly labeled or incorrectly sent.

Please note that we are not required to erase or otherwise eliminate, or enable erasure or elimination of such content or information in certain circumstances, such as, for example, when an international, federal, state, or local law, rule or regulation requires Rex MD to maintain the content or information; when the content or information is stored on or posted to the Site by a third party other than you (including any content or information posted by you that was stored, republished or reposted by the third party); when Rex MD anonymizes the content or information, so that you cannot be individually identified; when you do not follow the aforementioned instructions for requesting the removal of the content or information; and when you have received compensation or other consideration for providing the content or information.

The foregoing is a description of Rex MD’ voluntary practices concerning the collection of personal information through the Service from certain minors, and is not intended to be an admission that Rex MD is subject to the Children’s Online Privacy Protection Act, the Federal Trade Commission’s Children’s Online Privacy Protection Rule(s), or any similar international, federal, state, or local laws, rules, or regulations.

Protected Health Information

When you set up an account with Rex MD, you are creating a direct customer relationship with Rex MD that enables you to access and/or utilize the various functions of the Platform and the Service as a user. As part of that relationship, you provide information to Rex MD, including but not limited to, your name, email address, shipping address and phone number, that we do not consider to be “protected health information”or “medical information”.

However, in using certain components of the Service, you may also provide certain protected health or medical information that may be protected under applicable laws. Rex MD is not a “covered entity” under the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191, and its related regulations and amendments from time to time (collectively, “HIPAA”). One or more of the Pharmacies or Medical Groups (as defined in our Terms and Conditions may or may not be a “covered entity” or “business associate” under HIPAA, and Rex MD may in some cases be a “business associate” of a Pharmacy or Medical Group. It is important to note that HIPAA does not necessarily apply to an entity or person simply because there is health information involved, and HIPAA may not apply to your transactions or communications with Rex MD, the Medical Groups, the Providers or the Pharmacies. To the extent Rex MD is deemed a “business associate” however, and solely in its role as a business associate, Rex MD, may be subject to certain provisions of HIPAA with respect to “protected health information,” as defined under HIPAA, that you provide to the Medical Group or the Providers (“PHI”). In addition, any medical or health information that you provide that is subject to specific protections under applicable state laws (collectively, with PHI,“Protected Information”), will be used and disclosed only in accordance withsuch applicable laws. However, any information that does not constitute Protected Information under applicable laws may be used or disclosed in any manner permitted under this Privacy Policy. Protected Information does not include information that has been de-identified in accordance with applicable laws

The Medical Groups and Providers have adopted a Notice of Privacy Practices that describes how they use and disclose Protected Information. By accessing or using any part of the Service, you are acknowledging receipt of the Notice of Privacy Practices from your Medical Group and Provider(s).

By accessing or using any part of the Service, you are agreeing that even if HIPAA doesapply to Rex MD, the Medical Groups, the Providers or the Pharmacies, any informationthat you submit to Rex MD that is not intended and used solely for the provision of diagnosis and treatment by the Medical Group and Providers or prescription fulfillment by the Pharmacies, is not considered Protected Information, and will only be subject to our Privacy Policy and any applicable state laws that govern the privacy and security of such information.

Collection and Use of Information

• You can visit the websites of Rex MD without revealing any personal information. However, Rex MD needs certain personal information if you wish to purchase ourproducts, register for an affiliate account, or receive Rex MD's newsletter and exclusive email special offers.
• Where required, this information may include your personal contact information. Rex MD will use this information to reply to your inquiries, to provide you with requested products and services, to set up your member's account, and to contact you regarding new products and services.
• By accessing the services of Rex MD and voluntarily providing us with the requested personal information, you consent to the collection and use of the information in accordance with this privacy policy.
• Rex MD, as do the other sites you visit, automatically receives and records high tech non-personal information on our server logs from your browser including your IP address, cookie information and the page you requested. Rex MD may use this information to customize the information, advertising and content you see and to fulfill your requests for certain products and services; with the ultimategoal to ensure your shopping experience is of the highest quality. You can be assured, Rex MD does not connect this non-personal data to any personal information collected from you.
• In connection with providing the Service, we and our affiliates and service providers may use your information, subject to the limitations addressed in the Protected Health Information Section above, for a number of purposes, including,but not limited to: verifying your identity; confirming your location; administering your account; fulfilling your payments’ processing your payments’ facilitating yourmovement through Service; facilitating your use of the Service and/or products orservices offered through the Service; communicating with you by letter, email, text, telephone or other forms of communication; providing you with information about Rex MD, the Pharmacies, the Medical Groups, the Providers and/or their business, products and services by letter, email, text, telephone or other forms of communication; providing you with customer support; providing you with information about third-party businesses, products and services by letter, email, text, telephone or other forms of communication; developing, testing or improvingthe Service and content, features and/or products or services offered via the Service; identifying or creating new products, services, marketing and/or promotions for Rex MD or the Service; promoting the marketing Rex MD, the Service, and the products and/or services offered via the Service; improving userexperience with the Service; analyzing traffic to and through Service; Analyzing user behavior and activity on or through the Service; conducting research and measurement activities for purposes of product and services research and develop, advertising claim substantiation, market research, and other activities related to Rex MD, the Service or products and services offered via the Service; monitoring the activities of you and others on or through the Service; placing and tracking orders for products or services on your behalf; protecting or enforcing Rex MD’s rights and properties; protecting or enforcing the rights and properties of others (which may include you); when required by applicable law, court order or other governmental authority (including, without limitation and by way of example only, in response to a subpoena or other legal process); or Rex MD believes in good faith that such use is otherwise necessary or advisable (including, without limitation and by way of example only, to investigate, prevent or take legal action against someone who may be causing injury to, interfering with, or threatening the rights, obligations or properties of Rex MD, a user of the Service, which may include you, or anyone else who may be harmed by such activities or to further Rex MD’s legitimate business interests).
• Rex MD ensures your information is safe and secure, and will NEVER be sold.

Information Sharing and Disclosure

• Rex MD may disclose your personal information to sister sites Rex MD who workon behalf of Rex MD to provide complementary products and services requested by you. We will share personal information for these purposes only as our sister sites Rex MD have privacy policies that mirror ours or who agree to abide by our collective policies with respect to personal information.
• Rex MD may otherwise disclose your personal information when:
  • We have your express consent to share the information for a specified purpose;
  • We need to respond to subpoenas, court orders or such other legal process;
  • We need to protect the personal safety of the users of our websites or defend the rights or property of Rex MD;
  • We find that your actions on our websites violate the Rex MD terms or anyof our usage guidelines for specific products or services.

Display Advertising

• Rex MD has implemented display advertising and uses remarketing with Google analytics to communicate and advertise online. It means that third-party vendors, including Google, show our ads on sites across the Internet to ensure you stay informed of our latest specials and products of interest.
• Rex MD along with third-party vendors, including Google, use first-party cookies (such as the Google Analytics cookie) and third-party cookies (such as the DoubleClick cookie) together to inform, optimize, and serve ads based on your past visits to our website. This is typical with your other website browsing activities.

Consent

• If you do not consent to the collection, use or disclosure of your personal information as outlined in this policy, please do not provide any personal information to Rex MD. If you have provided personal information to Rex MD andno longer consent to its use or disclosure as outlined herein, please notify Rex MD at [email protected]

Security

• Unfortunately, no data transmission over the Internet can be considered 100% secure. However, your Rex MD information protected for your privacy and security. In certain areas of our websites, as identified on the site, Rex MD uses industry-standard SSL-encryption to protect data transmissions.
• We also safeguard your personal information from unauthorized access, through access control procedures, network firewalls and physical security measures.
• Further, Rex MD retains your personal information only as long as necessary to fulfill the purposes identified above or as required by law.

Data Retention

Rex MD may retain your information for as long as it believes necessary; as long as necessary to comply with its legal obligations, resolve disputes and/or enforce its agreements; and/or as long as needed to provide you with the products and/or services of the Service or Rex MD. Rex MD may dispose of or delete any such information at any time, except as set forth in any other agreement or document executed by Rex MD or as required by law.

Similarly, the Medical Groups and Providers may retain your information for as long as they believe necessary; as long as necessary to comply with their respective legal obligations, resolve disputes and/or enforce its agreements; and/or as long as needed to provide you with the products and/or services of the Medical Groups and Providers. The Medical Groups and Providers may dispose of or delete any such information at any time, except as set forth in any other agreement or document executed by the Medical Groups or Providers or as required by law.

Jurisdictional Issues

The Service may only be used within certain states within the United States as described in our Terms and Conditions. Accordingly, this Privacy Policy, and our collection use, and disclosure of your information, is governed by U.S. law.

Third Parties

This Privacy Policy does not address or apply to, and we are not responsible for, the privacy, information or other practices of any third parties, including, without limitation, the Medical Group or its Providers, the manufacturer of your mobile device, and any other third party mobile application or website to which our Service may contain a link. These third parties may at times gather information from or about you. We do not control and are not responsible for the privacy practices of these third parties. We encourage you to review the Medical Group’s Notice of Privacy Practices and the privacy policies of each website and application you visit and use.

Retention, Review, and Change of Information Collected

You may request at any time that Rex MD provide you with an opportunity to review andchange your personal information (i.e., information that would allow someone to specifically identify you or contact you physically or online such as your name, physical address, telephone number, email address or SSN) collected through the Service or to no longer use your personal information to provide you with any products or services. Please submit any such request (“Request Concerning Personal Information”) to anyone of the following:

• By mail: Conversion Labs, Rx LLC DBA: rex MD, Attn: Privacy Officer, 800 Third Avenue, Suite 2800, New York, NY 10022, with a subject line of “Your Personal Information.”
• By email:[email protected], with a subject line of “Your Personal Information.”

For each Request Concerning Personal Information, please state “Your Personal Information” in the email or letter subject line, and clearly state the following in the body:

• the nature of your request;
• that the request is related to “Your Personal Information;”
• your name, street address, city, state, zip code and email address; and
• whether you prefer to receive a response to your request by mail or email.

We will use reasonable efforts to deal with your request within a reasonable time. If you send a Request Concerning Personal Information by mail, then please do so by U.S. Certified Mail, Return Receipt Requested to allow for confirmation of mailing, delivery and tracking. Rex MD will not accept a Request Concerning Personal Information via telephone or facsimile. Rex MD is not responsible for any Request Concerning Personal Information that is incomplete, incorrectly labeled, or incorrectly sent.

You are solely responsible for the accuracy and content of your personal information, and for keeping your personal information current and correct.

California Residents

Residents of the State of California have the right to request from certain businesses with whom the California resident has an established business relationship a list of all third parties to which the business, during the immediately preceding calendar year, hasdisclosed certain personally identifiable information for direct marketing purposes. We are only required to respond to a customer request once during any calendar year. To obtain this information, you should send a written request to [email protected] with the subject heading “California Privacy Rights.” In your request, please attest to the fact thatyou are a California resident and provide a current California address for our response. Please be aware that not all information sharing is covered by the California Privacy Rights requirements and only information on covered sharing will be included in our response.

Miscellaneous

We strive to use reasonable physical, technical and administrative measures to protect information under our control. However, you must keep your Account password secure and your Account confidential, and you are responsible for any and all use of your Account. If you have reason to believe that the security of your Account has been compromised, please notify us immediately in accordance with the “Contacting Us” section below.

When using the Service, you may choose not to provide us with certain information, but this may limit the features you are able to use or may prevent you from using the Service all together. You may also choose to opt out of receiving certain communications (e.g., newsletters, promotions) by emailing us your preference. Please note that even if you opt out, we may still send you Service-related communications. Wedo not currently respond to web browser “do not track” signals or other mechanisms thatprovide a method to opt out of the collection of information across the networks of websites and online services in which we participate. If we do so in the future, we will describe how we do so in this Privacy Policy.

Rex MD may supplement, amend, or otherwise modify this Privacy Policy at any time. Such supplements, amendments and other modifications will be posted on this or a similar page of the Service, and shall be deemed effective as of the “Last Updated” date; provided, however, that Rex MD will notify you and/or require you to accept the updated Privacy Policy if the supplemented, amended or otherwise modified Privacy Policy implements material changes from Rex MD’ then-current Privacy Policy. It is yourresponsibility to carefully review this Privacy Policy each time you visit, access or use the Service.

Contacting Us

If you have questions or suggestions about this privacy policy or your own personal information, please e-mail us at [email protected] or by regular mail at:

Conversion Labs RX
DBA: Rex MD
800 Third Avenue, Suite 2800
New York, NY 10022
Attn: Privacy Officer