Privacy is extremely important to CIONIC, and we understand it is extremely important to you. This statement tells you how we protect and use information that we gather through the CIONIC website and the CIONIC mobile application.

By using the CIONIC website or the CIONIC mobile application, you agree to the terms of the most recent version of this statement. Except as written in any other disclaimers, policies, terms of use, or other notices, this statement and the CIONIC Privacy Policy (https://cionic.com/privacy) are the complete agreement between you and CIONIC with respect to your use of the CIONIC website and the CIONIC mobile application.

Personal information is data that we can use to specifically identify you, such as your:

• Name
• Address
• Unique personal identifier (e.g., device ID, online identifier)
• Internet Protocol address
• Email address
• Telephone number
• Characteristics of protected classifications under state/federal law (e.g., age, race, sex, medical condition, etc.)
• Medical information
• Health insurance information
• Financial information, including credit card numbers
• Commercial information (e.g., purchase history)
• Internet or other electronic network activity information (e.g., browsing history, interaction with our website, etc.)
• Geolocation data
• Audio, electronic, visual, thermal, olfactory, or similar information (e.g., call recordings)
• Professional, employment-related, or other similar information
• In some places on the CIONIC website and the CIONIC mobile application you have the opportunity to send us personal information about yourself, to elect to receive particular information, or to participate in an activity like joining our newsletter

You also may choose to allow us to personalize your interactions with the CIONIC website, in which case we will ask you for certain personal information to make your visits to our website more helpful to you. When this information is combined with the information that we collect through cookies (described below), we will be able to tell that you have visited our website before and can personalize your access to our website, for example, by allowing you to access certain aspects of our website.

Who Will Follow This Statement

This statement describes the privacy practices of the CIONIC staff when they provide services in our offices and over videoconferences, phone calls, and emails. CIONIC staff may share your health information for product support, payment activities, and healthcare operations.

Federal and State Law

Federal and state laws require CIONIC to protect your health information and federal law requires CIONIC to describe to you how we handle that information. When federal and state privacy laws differ, and the state law is more protective of your information or provides you with greater access to your information, then we comply with the more stringent state law.

As a supplier of medical equipment, Cionic complies with the Durable Medical Equipment, Prosthetics, Orthotics and Supplies (DMEPOS) standards found in 42 CFR 424.57

Your Rights

CIONIC respects the dignity and pride of each individual we serve. Every customer has the right to have his/her/their rights respected without regard to age, gender, disability, race, color, ancestry, citizenship, religion, pregnancy, sexual orientation, gender identity or expression, national origin, medical condition, marital status, veteran status, payment source or ability, or any other basis prohibited by federal, state, or local law. Each individual shall be informed of their rights and responsibilities in advance of administering care.

When it comes to your health information, you have rights. You may contact CIONIC’s HIPAA privacy team at to exercise the following rights:

Get an electronic or paper copy of your medical record

• You can ask to receive an electronic or paper copy of your medical record and other health information we have about you.
• You have to put your request in writing, and we will provide you with access to your medical record.

Additional Applicable State Law Requirements:

California law generally requires access to be provided within five business days. We will provide a copy or, if you prefer, a summary of your health information, usually within 30 days of your request. We may charge a reasonable, cost-based fee.

Ask us to correct your medical record

• You can ask us to correct health information about you that you think is incorrect or incomplete. You have to put your request in writing.
• We may say “no” to your request, but we’ll tell you why in writing within 60 days.

Request confidential communications

• You can ask us to contact you in a specific way (for example, by home or office phone) or to send mail to a different address.
• We require you to ask us in writing, but we will honor any reasonable request.

Ask us to limit what we use or share

• You can ask us, in writing, not to use or share certain health information for services, payment, or our operations. We are not required to agree to your request, and we may say “no” if it would affect your ability to properly use our products.
• If you pay for a service or product out-of-pocket in full, you can ask us not to share that information for the purpose of payment or our operations with your health insurer. We will say “yes” unless a law requires us to share that information.

Get a list of those with whom we’ve shared information

• You can ask for a list (accounting) of the times we’ve shared your health information for up to six years prior to the date you ask, with whom we’ve shared it, and why.
• We will include all the disclosures except for those you had already asked us to make. We’ll provide one accounting a year for free, but will charge a reasonable, cost-based fee if you ask for another one within 12 months.

Get a copy of this privacy notice

You can ask for a paper copy of this notice at any time, even if you have agreed to receive the notice electronically. We will provide you with a paper copy promptly.

Choose someone to act for you

• If you have given someone medical power of attorney or if someone is your legal guardian, that person can exercise your rights and make choices about your health information.
• We will make sure the person has this authority and can act for you before we take any action.

File a HIPAA-related complaint if you feel your rights are violated

• If you feel we have violated your rights, you may complain by contacting our HIPAA privacy officer at privacy@cionic.com.
• You can file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights.
• We will not retaliate against you for filing a complaint.

To file any other complaint, contact the California Department of Public Health:

https://www.cdph.ca.gov/Pages/contact_us.aspx

Licensing and Certification
Sacramento District Office
3901 Lennane Drive, Suite 210
Sacramento, CA 95834
(916) 263-5800

In addition to the rights noted above, you have the right to:

1. Refuse delivery of the Cionic Neural Sleeve.
2. Receive a clear explanation about your condition and how the Cionic Neural Sleeve can help your condition.
3. Prompt delivery and to be fully informed on the use, and care of the Cionic Neural Sleeve.
4. Have CIONIC staff communicate in a language that is understandable to you.
5. Expect that all information will be kept in strictest confidence.
6. Have your personal privacy respected.
7. Expect all devices to be clean and in good repair.
8. Have your property respected during visits.
9. Have any questions answered promptly, correctly and courteously.
10. Have personal, cultural, and ethnic preferences considered.
11. Participate in planning how service will be provided to you, and to be informed of all options if the need to transfer care arises.
12. Expect a resolution to any problem or complaint.
13. Express dissatisfaction and suggest changes without coercion, discrimination, reprisal, or unreasonable interruption in service.
14. Be given timely, appropriate, and quality professional services without discrimination.
15. Request a detailed explanation of your bill for products and services.
16. Have competent and qualified people carry out the services for which they are responsible.
17. Report concerns about customer safety without fear or reprisal.
18. Be given reasonable notice of discontinuation of service.
19. Transparent communication including disclosures in a timely manner if any problems arise that affect you: informing you directly if a breach occurs (if your “Protected Health Information” (PHI) is ever mistakenly exposed).

Your Responsibilities

You have the responsibility to:

1. Provide accurate and complete health information concerning your medical history, past use of the Cionic Neural Sleeve, and any change in address, doctor, insurance carrier, billing information, and prescriptions.
2. Assist in developing and maintaining a safe home environment for the proper utilization of our equipment
3. Follow instruction in care and use of the Cionic Neural Sleeve.
4. Request further information concerning anything you do not understand.
5. Treat CIONIC associates with respect, courtesy and consideration.
6. Order supplies or refills on a timely basis to accommodate reasonable delivery.
7. Have someone at home when delivery is scheduled.
8. Pay all invoices that are due; not covered by insurance.
9. Accept the consequences of any refusal or choice of noncompliance, including changes in reimbursement eligibility.
10. Dial “911” whenever a life threatening medical emergency arises.
11. Comply with your physician’s orders and plan of care.
12. Contact us about any equipment malfunction or defect, and allow our staff to correct the problem.
13. To report to us any concerns about patient safety or occurrences of patient falls.
14. Pay for the replacement costs of any equipment damaged, destroyed, or lost due to misuse, abuse, or neglect.

Your Choices

For certain health information, you can tell us your choices about what we share.

Let us know if you have a clear preference for how we share your information in the situations described below. We will follow your instructions where we can.

In these cases, you have both the right and choice to tell us to:

• Share (or not share) information with your family, close friends or others involved in your care
• Share information in an emergency situation

Our Uses and Disclosures

We may keep and use personal information we collect from you to provide you with access to the CIONIC website and the CIONIC mobile application. In addition, we may keep and use your personal information:

• to respond to your requests
• to personalize your access the CIONIC website and the CIONIC mobile application
• for analytical purposes and to research, develop and improve programs, products, services and content
• to enforce this Privacy Statement and other rules about your use of this website
• to protect someone's health, safety or welfare
• to protect our rights or property
• to comply with a law or regulation, court order, or other legal process

CIONIC will not share your personal information with an unrelated third-party without your permission, except as otherwise provided in this statement.

We may share your health information in a HIPAA compliant manner for the following purposes:

Product Services

We can use your health information and share it with partners who are providing Cionic products and services to you. We may use your health information to provide you with services in our locations or in your home. We may also share your health information with others who provide care to you such as hospitals, nursing homes, doctors, physical therapists, or others involved in your care.

Run our organization

We can use and share your health information to improve our services and contact you when necessary.

Cionic may use and share your health information to support necessary software development, legal, auditing, financial, and clinical functions. Examples of these functions may include: analyzing our cost of services, arranging for user satisfaction surveys, fundraising, and determining the need for new software improvements and services.

Bill for your services

We can use and share your health information to bill and get payment from health plans or other entities.

Legal Requirement

We may be legally compelled to release your personal information in response to a court order, subpoena, search warrant, law or regulation. We may cooperate with law enforcement authorities in investigating and prosecuting website visitors who violate our rules or engage in behavior which is harmful to other visitors (or illegal).

Third Party Disclosures

We may disclose your personal information to third parties if we feel that the disclosure is necessary to:

• enforce this Privacy Statement and the other rules about your use of this website
• protect our rights or property
• protect someone's health, safety or welfare
• fulfill obligations relating to a corporate sale, merger, dissolution, or acquisition
• comply with a law or regulation, court order or other legal process

Please note: In addition to the ways that we may keep, disclose, and use information described in this statement, we also may keep, disclose, and use personal information in ways that we believe are consistent with FDA and other governmental guidance, directions, regulations, and laws, including HIPAA, where applicable.

Collecting Online Information

If you visit our website to read or download information, such as information about a health condition or about one of our products, we may collect certain information about you from your computer or mobile device. This information may include:

• The name of the domain from which you access the Internet
• The IP address of the device you are usingThe Internet Protocol address (“IP Address”) of the device you are using
• The type of browser and operating system you are using
• The date and time you access our website
• The internet address of the site from which you linked directly to our website
• Which pages you have visited on our website (note: U.S. healthcare providers, please see the 'uses of personal information' described below)
• The search terms you use
• The links on which you click

Cookies

We also collect information through cookies, pixels, web beacons, and similar technologies (“cookies”), that work through placing a small file (like a text file or graphic) in your browser files. Cookies are used to collect information for business purposes, such as enabling essential website functions and improving the user experience. You are free to decline our cookies if your browser permits, but some parts of our website may not work properly for you if you do so. CIONIC may use third-party tracking, advertising, and content providers to act on our behalf to track and analyze your usage of our sites and to enable certain essential website functions, such as navigation. These companies protect that data in accordance with their privacy policies. These third parties may collect, and share with us, as we may request, website usage information about visits to our sites, measure and research the effectiveness of our advertisements, and track page usage and paths followed during visits through our sites. Also, these third-party providers may place our Internet banner advertisements on other sites that you visit, and track use of our Internet banner advertisements and other links from our marketing partners' sites to our sites. To the extent the information collected on CIONIC’s behalf by these third parties contains any personally identifiable information, we will protect it in accordance with this statement. Please refer to your browser Help instructions to learn more about managing cookies.

Google Analytics

We use Google Analytics to understand how users interact with the CIONIC website and the CIONIC mobile application and to improve how our business communicates its commercial message online. Google Analytics is a service provided by Google (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043). Google Analytics uses cookies, which transmit anonymized or truncated personal data to a Google server. The information generated by a Google Analytics cookie helps us evaluate the use of the website and mobile application, compile reports on activity, and provide us with other services relating to activity and usage.

You can find more information about Google’s data protection practices and terms of use by visiting Google’s websites at https://www.google.com/analytics/terms/us.html and https://policies.google.com/privacy.

You can prevent Google from collecting and processing cookie-generated data relating to your use of a website by downloading and installing the browser plug-in available at the following link: https://policies.google.com/privacy.

How Else Can We Use or Share Your Health Information?

We are allowed or required to share your information in other ways – usually in ways that contribute to the public good, such as public health and research. We have to meet many conditions in the law before we can share your information for these purposes.

Help with public health and safety issues

We can share health information about you for certain situations such as:

• Preventing disease
• Helping with product recalls
• Reporting adverse reactions
• Reporting suspected abuse, neglect, or domestic violence
• Preventing or reducing a serious threat to anyone’s health or safety

Do research

We can use or share your health information for research with approved partners. We will make best efforts to anonymize your data prior to sharing with any research partner unless we have a pre-existing agreement to not anonymize shared data.

Comply with the law

We will share information about you if state or federal laws require it, including with the Department of Health and Human Services if it wants to see that we’re complying with federal privacy law.

Address workers’ compensation, law enforcement, and other government requests

We can use or share health information about you:

• For workers’ compensation claims
• For law enforcement purposes or with a law enforcement official
• With health oversight agencies for activities authorized by law
• For special government functions such as military, national security, and presidential protective services

Respond to lawsuits and legal actions

We can share health information about you in response to a court or administrative order, or in response to a subpoena.

Business Associates

There are some services provided in our organization through contracts with business associates. Examples include surveying for user satisfaction and research into future product offerings. When services are provided by contracted business associates, we may disclose the appropriate portions of your health information to them so they can perform the job we have asked them to do. However, our business associates are also required by law to safeguard your information.

Other Uses of Health Information

Uses and disclosures of health information that are not discussed by this notice or required by law will only be made with your written permission. We comply with state and federal laws that require extra protection for your health information. If you provide us permission to use or disclose health information about you, you may revoke that permission, in writing, at any time.

Our Responsibilities

• We are required by law to maintain the privacy and security of your protected health information.
• We will let you know promptly if a breach occurs that may have compromised the privacy or security of your information.
• We must follow the duties and privacy practices described in this notice and give you access to it.
• We will not use or share your information other than as described here unless you tell us we can in writing. You may change your mind at any time by letting us know in writing.

Changes to the Terms of this Notice

We may change our Notice of Privacy Practices from time to time. The changes will apply to all health information we have about you. The new notices will be on the CIONIC website at https://cionic.com/privacy and https://cionic.com/data-disclosure

Contact

If you have any questions, you may contact: privacy@cionic.com