PRIVACY POLICY WITHINGS

Withings Privacy Policy (this “Privacy Policy”) outlines how Withings Inc. (“Withings”, “we”, “our”, or “us”) collects, processes, retains, and discloses your personal information when providing services to users through our website, applications, products, and services (our “Services”).

This Policy applies to Withings’ consumers who are residents in US States. If users are based in California, specific terms apply to this Policy So please, visit the specific addendum at the bottom of this page for more information on the way Withings processes personal information of California residents.

YOUR PRIVACY AT THE HEART OF OUR SOLUTIONS

We thank you for your trust and do our best to honor it. Respect for privacy is a core principle that we place at the heart of our strategy for developing our products and services. We are committed to a process of continuous improvement to ensure the utmost respect for your personal information. If you have any questions please contact us.

SUMMARY

I. FEW KEY CONCEPTS

The personal health information you entrust to us is sensitive data that we process in accordance with ithe highest security standards.

II. SOURCE OF THE PERSONAL INFORMATION WE PROCESS

This policy aims to inform you on the processing carried out on your Personal Information by Withings as data controller when you visit our website, when you use the products and services, when you browse on the application and when you contact customer support.

III. YOUR CONSENT

Your consent is collected in specific cases. You may withdraw it at any time.

IV. PROCESSING PERSONAL INFORMATION

We process all Personal Information (as identified below) for a specific purpose. We retain Personal Information for a specified period of time.

V. DATA RETENTION

We retain your Personal Information only for as long as necessary to achieve the purposes described in this Privacy Policy. Retention periods may vary depending on the categories of data and processing as well as applicable legal requirements. At the end of the retention period, your Personal Informationdata will be deleted or deidentified using processes and methods that comply with personal information protection standards.

VI. HOSTING, TRANSFER AND SECURITY OF DATA

Your Personal Information is hosted in the European Union and may be transferred to our partners located outside the EUEEA. WITHINGS will take several steps in the event of a data leak.

VII. EXERCISING YOUR RIGHTS

Depending on the state you live in, you may have specific rights to your Personal Information. You can exercise your rights by contacting us at privacy@withings.com. You may also file a complaint with the relevant data protection supervisory authority, depending on your state or territory.

VIII. PATIENT PRIVACY POLICY

This Privacy Policy applies only to Consumers, as defined by applicable state laws. Specific provisions regarding the collection and use of your Personal Information, its security and sharing with third parties apply to you if you use our Remote Patient Monitoring ("RPM") services.

IX. PRIVACY POLICY FOR THE USERS OF THE CARDIO CHECK-UP FEATURE Specific provisions relating to the collection and use of Personal Information relating to you apply when you use the Cardio Check-up service

X. WITHINGS’S USAGE POLICY OF ITS DISTINCTIVE SIGNS (INCLUDING TRADE MARKS) FOR THIRD PARTIES Withings’s distinctive signs are among our most valuable assets. They represent the Withings brand and need to be used by our partners according to the following policy (“the policy”).

XI. GENERAL INFORMATION

This Privacy Policy is subject to the General Terms and Conditions.

XI. CALIFORNIA PRIVACY ADDENDUM

If you are a California resident, visit our California Notice at Collection and Privacy Policy Addendum at the bottom of this web page.

I. FEW KEY CONCEPTS

This Privacy Policy applies to the use of the Withings App published by WITHINGS. Withings App is an application (web and mobile) with paid versions (for the users of Withings +) that focuses on three areas: (i) health monitoring, (ii) motivation maintenance, (iii) installation of WITHINGS products. Withings App can be used alone or in conjunction with our products.

1.1. Personal Information relating to you

« De-identified data » refers to the process of removing specific identifiers from protected health information (PHI) so that the information no longer identifies an individual and there is no reasonable basis to believe it can be used to identify an individual.

« Pseudonymized Data » means Personal Information that is not directly linked to a natural person without the use of additional information.

« Personal Information » means any information relating to an identified or identifiable individual. This includes all kinds of information: last name, first name, postal address, e-mail address, etc. It also covers the notion of Personally Identifiable Information (PII).

« Health Data » means personal information relating to your past, present or future state of health (physical or mental). Health Data is particularly sensitive data and is therefore subject to special protection measures.

II. SOURCE OF THE PERSONAL INFORMATION WE PROCESS

Personal Information is collected when you visit our website, use our Products and Services, or browse on the App.

2.1. Our website. Regarding the data collected on the website of WITHINGS, please refer to our Cookies Policy.

2.2. Use of Products and Services. The use of our products and services generates the creation of Personal Information in the following cases:

a. Account creation. When you create a WITHINGS account, you fill in personal information relating to your identity, such as your name, surname(s), age, email address. This account allows you to access the Personal Information generated during the use of the Products and Services, and it also allows you to modify certain data.

b. Use of our Products and Services. When you use our Products and Services, Health Data is collected. The data collected will depend on the device you use and how you use it. You may consult the Privacy User Guide to learn about all categories of Personal Information processed by our Products and Services.

c. Partner Applications. When you connect your App account with third-party applications or products, data from the App will be synchronized with those applications. You can also consent so WITHINGS may also collect data from these third-party applications or products to improve your experience and our Services. You can modify or withdraw your consent directly in the settings of your Withings App.We invite you to read the privacy policy of these third-party applications. This policy applies only to Products and Services offered by WITHINGS.

d. Targeted communication. To offer you communications tailored to your products and habits, we create groups of users with similar interests. Defining these user groups allows us to send you content tailored to your needs and provide you with an optimal experience when using your Withings app and products. These groups also enable us to send you tailored advertising content on third-party partner platforms. We never share any information about your health with these partners, only some personal data to enable the partners to identify you so they can deliver tailored advertising content. Withings may send you an email asking you to update your consent to receive targeted communications. These platforms are data processors for processing the display of this advertising content. You can object to the sending of targeted communications at any time in your “Communication preferences” of the application.

e. Customer Support. When you contact customer support, certain Personal Information relating to your WITHINGS account may be momentarily accessible by our teams depending on the problem encountered, such as data relating to the Products you use. No Health Data is accessible to our customer support staff without your prior consent. In order to assist you, we may require you to verify your identity by providing Personal Information.

f. Event tracking. Some Personal Information is collected automatically when you use the Products and Services, including through the use of tracking devices. We collect technical information such as: IP addresses, language, operating system, location (as authorized by you), and smartphone information (model, version…).

III. YOUR CONSENT

Your consent is collected in specific cases. You may withdraw it at any time.

3.1. COLLECTION OF YOUR CONSENT. We collect your consent to process Personal Information for:

1. Participating in our research programs;
2. Sharing your Personal Information with third-party partner applications;
3. Enabling dual authentication (2FA);
4. Marketing communications (implicit consent is used).
5. Activating the ECG functionality on ScanWatch
6. Display of the path taken via the Withings App during an activity
7. WITHINGS+ program and personalization of your experience (additional services)
8. Sending your Personal Information to our partner for ECG rereading and the possibility for the partner doctor to contact you again if they consider it necessary

3.2. WITHDRAWAL OF YOUR CONSENT. At any time, you can withdraw your consent. To do so, simply:

• 1. Delete your account (here) ;
• 2. Uncheck "Research Center" in your notification center (Android / iOS) ;
• 3. Remove the connection with third-party applications ;
• 4. Remove double authentication in your account settings (Android / iOS) ;
• 5. Uncheck "Promotional offer" in your notification center (Android / iOS).

IV. PROCESSING PERSONAL INFORMATION

4.1. NECESSITY OF PROCESSING. We collect Personal Information from you for the different purposes listed below. If you do not wish to provide your consent, you will not be able to access certain parts of the Products and Services, or services offered by our customer support.

4.2. LIST OF PROCESSING.
A) USE OF OUR PRODUCTS AND SERVICES
1. Purchase and delivery of your WITHINGS products and services via our website

• PROCESSES DATA: Name / First name / Email address / Postal address / Phone number / Credit card number / IP address / MAC address of the purchased product
• RETENTION PERIOD: WITHINGS must retain billing data for 10 years due to legal requirements. When you sign up for a Withings+ subscription, your bank details may be stored with one of our partners to simplify the renewal of your subscription

2. Withings App account creation

• PROCESSED DATA: Email address / Date of birth / First and last name / Password (optional) / IP address / MAC address / Profile picture (optional) / Height / Weight
• RETENTION PERIOD: Data is retained until you delete your Withings App account

3. Graphic presentation of your Data, including Health Data, via Withings App

• PROCESSED DATA: Physiological and technical data collected when using our Products and Services. For more details regarding the health data collected by our various products, please refer to our User Guide.
• RETENTION PERIOD: Data is retained until deletion of your Withings App account. You may also delete certain data via your Withings App

4. Optional sharing of Personal Information with third-party applications

• PROCESSED DATA: The data shared vary depending on the product used
• RETENTION PERIOD: Data is shared until sharing is deactivated or the user account is deleted

5. Display of the path taken via the Withings App during an activity

• DATA PROCESSED: Location data in the context of physical activity
• DURATION OF RETENTION: The data is kept until the user account is deleted

6. WITHINGS+ program and personalization of your experience (additional services)

• DATA PROCESSED: User ID / Weight objective / Muscular mass / Fat mass
• DURATION OF RETENTION: The data is kept until the user account is deleted

7. Weather display on scales

• DATA PROCESSED: IP address / Geographic location
• DURATION OF RETENTION: The data is kept until the user account is deleted

8. Activation of the ECG functionality on ScanWatch

• PROCESSED DATA: Name / First name / Date of birth / Phone number / E-mail address / State of residence
• RETENTION PERIOD: Data is retained 7 years by the supplier, Heartbeat Health

9. The use of artificial intelligence algorithms to provide you with a personalized experience (Applicable only to users of the Withings+ service)

• DATA PROCESSED: Your Personal Information, such as your first name, age, height, weight,gender, and Health Data are processed to provide you with Withings+ services. Only Pseudonymized Data is shared with third-party AI engines, meaning direct identifiers are not shared, and the engine cannot identify you directly.
• RETENTION PERIOD: The data is kept until the user account is deleted

B) COMMUNICATION & SUPPORT

1. Creation and management of user groups (segmentation)

• DATA PROCESSED: E-mail address, User ID, data regarding the products used, your interactions with Withings
• RETENTION PERIOD: Data is retained as long as your account is active or when you no longer wish to be notified

2. Sending marketing communications adapted to your profile (via email, notifications or third party platforms)

• DATA PROCESSED: E-mail address, User ID, user groups
• RETENTION PERIOD: Data is retained as long as your account is active or when you no longer wish to be notified

3. Sending communications concerning the activation of new features (via email or notifications)

• DATA PROCESSED: Email address, user ID, audience group
• RETENTION PERIOD: Data is retained as long as your account is active or when you no longer wish to be notified.

4. Improvement of the navigation on the Site

• DATA PROCESSED: Connection data see cookie policy
• CONSENT PERIOD: 6 months
• RETENTION PERIOD : see cookie policy

5. Customer support - Requests made on our Help Center (Chatbot included)

• DATA PROCESSED: E-mail address / Name / First name / Historic of previous purchases / Content of the request / Technical device data
• DURATION OF RETENTION: The data associated with the ticket is kept for a maximum of 10 years or until the user account is deleted.

6. Customer support - Requests made via Withings official social networks accounts

• DATA PROCESSED: Name / First name / Content of the request / Username.
• DURATION OF RETENTION: The data associated with the ticket is kept for a maximum of 10 years or until user account is deleted.

7. Feedback on the Customer support experience

• DATA PROCESSED: E-mail address
• DURATION OF RETENTION: The data associated with the ticket is kept for a maximum of 5 years.

8. Vigilance of WITHINGS products

• DATA PROCESSED: Name / First name / E-mail address / Address / Phone number / Age / Description of the adverse incident and its consequences / Pathologies (only for adverse incidents happening during a clinical study)
• DURATION OF RETENTION: 15 years from the day of notification.

9. Anonymization of your interactions on the Withings mobile application and products in order to improve your experience

• DATA PROCESSED: Interactions carried out on the mobile application and products (taking a measurement, using a feature, etc.)

C) SECURITY AND EXERCISING YOUR RIGHTS

1. Activation of the double authentication (2FA)

• PROCESSED DATA: Phone number
• RETENTION PERIOD: The phone number is retained until the user account is deleted or this feature is deactivated

2. Prevention and fight against computer fraud and cyberattacks

• PROCESSED DATA: Pseudonymized data relating to the different actions performed by the User
• RETENTION PERIOD: One year from the date of registration of the action

D) RESEARCH & DEVELOPMENT

1. Sending out "Research Questionnaires" and analyzing the responses received

• PROCESSED DATA: User ID. The content of the questionnaire varies according to the issues addressed
• RETENTION PERIOD: Pseudonymized Data is retained until the account removal

2. De-identificationof data for research purposes

• PROCESSED DATA: Health data needed to conduct the study

3. Carrying out research in the public interest

• DATA PROCESSED: Data deemed relevant to the study
• RETENTION PERIOD: Personal Information is kept until deemed necessary depending on the study. This information will be shared to you through the information notice.

4. Product and Service Improvement (including algorithm performance improvement and statistics))

• DATA PROCESSED: The relevant data related to the realization of these processing. It is exclusively pseudonymized data
• RETENTION PERIOD: Personal Information is kept until the user account is deleted

4.3. DATA SHARING. We only share such data in circumstances described below:

a. Your control over the Data. You may ask us to disclose information to others, such as when you use our community features like forums or programs that require sharing with third parties. You can change your choices at any time by changing your account settings or by visiting our Help Center.

b. Internal and Legitimate Sharing. Personal Information may be processed by the employees of WITHINGS SAS, a French company and the parent of WITHINGS INC., and its subsidiaries, within the limits of their respective responsibilities and exclusively for the purposes described in this Privacy Policy.

c. Use of our subcontractors. We share certain Personal Information with subcontractors, who are experts in their field, in order to supply the Products and Services. Our subcontractors are required to comply with applicable state and federal laws. They process the shared Personal Information only for the intended purpose. Our subcontractors help us to provide you with high quality products and services.

d. Use of ScanWatch in the United States. WITHINGS may share certain Personal Information (name, date of birth, email, address, phone number) with Heartbeat Health, Inc., a U.S. company, which provides you with services such as the prescription necessary for the ECG functionality of the device, the organization of teleconsultations with our health professional partners, the provision of advice on your health. Your consent to receive text messages from Heartbeat Health is required to activate the ECG functionality on your device. Please see Heartbeat Health's privacy policy for more information.

e. Legal reasons. We may share Personal Information relating to you when required by law, upon request of a court, in connection with a legal proceeding, or if we believe in good faith that disclosure is reasonably necessary to (a) investigate, prevent, or take action regarding suspected or actual unlawful activities, or to assist public authorities; (b) investigate and defend against any third-party claims or accusations; or (c) protect our Services’ security or integrity. We will notify you of any legal proceedings that require access to your Personal Information, unless we are prohibited by law from doing so. Where a court order specifies a period of non-disclosure of the request to data subjects, we will send you a deferred notification after the non-disclosure period has expired.

V. DATA RETENTION

5.1. RETENTION PERIOD. The retention period indicated in the list of treatments depends on the type of data, the purpose or our legal obligations. If you ask us to do so, WITHINGS will delete your data from its servers and will ask its subcontractors involved in the processing to perform the same operation. We use subcontractors to manage backup data. This data will be used in case of operational problems to ensure the continuity of our services and products. Please note that, for security reasons, we are not able to reflect the deletion or modification of data on backups already made, in order to protect the integrity of the backup data.

5.2. INACTIVE USER ACCOUNT. Your Withings App account will be considered inactive if for 10 years (i) you have not used the mobile or web application, (ii) you have not performed any measurements with the Withings products associated with the account, and (iii) you have not clicked on any link contained in an email sent by WITHINGS. You will receive an email notification 90 days before your account is considered inactive, giving you the opportunity to continue your WITHINGS experience. If no action is taken on your part, your account and associated data will be deleted in accordance with this Privacy Policy.

5.3. DEIDENTIFIED DATA. WITHINGS may deidentify your data in accordance with the applicable security standards and regulations. Once deidentified, it no longer identifies you and is no longer Personal Information. WITHINGS uses the data in this form to participate in research projects.

5.4. DATA SHARED WITH THIRD PARTIES. If you have chosen to share your data from WITHINGS Products and Services with third parties, we cannot ensure the deletion or deidentification of such data. We invite you to contact the third party for more information.

VI. HOSTING, TRANSFER AND SECURITY OF DATA

6.1. HOSTING IN EUROPE. Our Services are provided by our Platform certified for the processing of health data via a European host located in the European Union. The processed Health Data are not transferred outside the territory of the European Union.

6.2. SUBCONTRACTORS. Other data may be communicated with partners located outside the European Union for specific purposes (such as telecommunication or security of banking transactions). The list of our subcontractors is available here.

6.3. SECURITY. We invite you to consult our dedicated page.

VII. EXERCISING YOUR RIGHTS

You may exercise your rights by contacting us at privacy@withings.com.

7.1. YOUR RIGHTS. You may have the following rights independently or with our assistance.

a. Right to be informed. You may have the right to know how data concerning you is processed by Withings. This policy aims to inform you about how we process your Personal Information in the context of the use of products and services, your use of the website and your navigation on the application. This Policy is intended to provide you with this information in the clearest possible manner. For any additional questions, please do not hesitate to contact us. You can also consult our User Privacy Guide.

b. Right of Access. ou can access the Personal Information about you processed, collected or stored by WITHINGS. You can find this information directly from your account or via Customer support.

c. Right of rectification. If you find that the data about you is inaccurate, you may have the right to request its correction. Some personal information can be changed directly from your Withings App account.

d. Right of Limitation and Right to Object. If you find that any data about you is inaccurate, you may ask us to stop processing that data until the situation is corrected. You may also ask Us to stop processing Data relating to you.

e. Right to Erasure. You may request the deletion of Personal Information relating to you. We will assist you in deleting Personal Information via your your account or Customer Support.

f. Right to Portability. You may request that we send you the Personal Information relating to you so that you can share it with another company. Details on how to exercise your right to portability are available in our Help Center, under the Data Import and Export section.

g. Automated individual decision-making and profiling We do not use your Personal Information to make automated individual decisions or profiling.

7.2. ASSISTANCE IN EXERCISING YOUR RIGHTS.

You may exercise your rights at any time by writing to privacy@withings.com. Proof of identity may be requested if we have no other way to verify that you are the owner of the account to which the data relates. WITHINGS processes all requests that are not excessive in nature within the time limits set by the GDPR.

7.3. ASSISTANCE OF THE LOCAL AUTHORITIES

In case of disputes related to this Privacy Policy, you may contact the relevant local authorities.

VIII. REMOTE PATIENT MONITORING PRIVACY POLICY

This Privacy Policy applies only to Consumers, as defined by applicable state laws. Specific provisions regarding the collection and use of your Personal Information, its security and sharing with third parties apply to you if you use our Remote Patient Monitoring ("RPM") services. This processing of Personal Information is governed by the Privacy Policy of the healthcare professionals using the WRPM Services. In case of any question you may have regarding this processing of your personal data, you can directly contact your healthcare professional.

8.1. SCOPE OF APPLICATION

a. Applicability to Patient Users. We also collect and use the Personal Information relating to you in the context of the use of the Withings App in the context of the WITHINGS remote patient monitoring (“WRPM”) services. This Privacy Policy, as well as the following specific provisions (« WRPM ») services. This Privacy Policy, as well as the following specific provisions ("Patient Privacy Policy"), applies to Personal Information that We collect from Patient Users.

b. Patient Users Terms of Use. This Patient Privacy Policy is part of the WITHINGS Patient Users Terms of Use available here. By accessing or using our Patient Users Services, you acknowledge that you have read and agree to the applicable Terms of Use. If you do not agree, you must cease using our Patient Users Services. We will notify you if there are any material changes to Our Patient Privacy Policy.

8.2. PATIENT USERS’ RIGHTS. Some information is sent by your healthcare professional and is therefore not directly under our control. Questions or concerns about your medical records or Personal Information provided to us by your healthcare professional should be directed to your healthcare professional. This information is not under the direct control of WITHINGS.

IX. PRIVACY POLICY FOR THE USERS OF THE CARDIO CHECK-UP FEATURE

Specific provisions relating to the collection and use of your Personal Information apply when you use the Cardio Check-up service. This feature allows you to benefit from the rereading of your ECG by a certified doctor.

This rereading is carried out by our trusted partners to ensure the protection of your Personal Information. If you reside in Europe, your Personal Information is shared with our partner DPV Analytics and will be processed by the latter according to its own privacy policy. If you reside in the United States, your Personal Information is shared with our partner Heartbeat Health and will be processed by the latter according to its own privacy policy.

This processing of Personal Information is necessary for the purposes described below.

9.1 Sending your Personal Information to our partner for ECG rereading DATA PROCESSED: name, first name / age / weight, height, ECG data and all health data concerning you. LEGAL BASIS: consent

9.2. The possibility for the partner doctor to contact you again if they consider it necessary DATA PROCESSED: telephone number

9.3. Sending marketing communications from our partners DATA PROCESSED: email address

X. GENERAL INFORMATION

Applicability of our general terms and conditions. The present privacy policy is subject to the General Terms and Conditions of Withings, Inc.

Changes to our Privacy Policy. We regularly update this Privacy Policy, and will provide notice of any significant changes to this policy as required by law. The date this Privacy Policy was last updated is identified at the top of the page. We may email or otherwise communicate reminders about this policy, but you should check our Services periodically to see the current Privacy Policy and any changes we have made to it.

Contact Information. To ask questions or comment about this privacy policy or our privacy practices, contact us at privacy@withings.com

XI. CALIFORNIA PRIVACY ADDENDUM

This California Notice at Collection and Privacy Policy Addendum (this “CA Privacy Addendum”) governs the Personal Information we collect from California residents (“you”), including when you use our Services, and in connection with data that we may make available to you.

APPLICABILITY OF THIS PRIVACY POLICY

This CA Privacy Addendum applies to Withings, Inc. in our role as a “business” under the CCPA and CPRA and does not apply to Personal Information provided to us by our Withings Health Solutions Customers (“Customers”), which we process pursuant to their instructions.

INFORMATION WE COLLECT ABOUT YOU Personal Information category chart. We process the same Personal Information as the ones mentioned in the Policy and concern the following categories of Personal Information :

• Identifiers such as real name, postal address, internet Protocol address, email address.
• Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)) such as phone number, phone number, bank account number, credit card number, debit card number, or any other financial information, medical information..
• Characteristics of Legally Protected Classifications such as age, medical condition, sex.
• Commercial Information such as Records of personal property, products, or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
• Biometric information such a physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as physical patterns, and sleep, health, or exercise data
• Internet or other Electronic Network Activity Information
• Geolocation Data such as Physical location or movements[, such as the time and physical location related to use of our internet website, application, or device[, and GPS location data from mobile devices of consumers who visit our websites or use our mobile apps].]
• Inference Data such as Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes.

Sensitive Personal Information categories chart. Sensitive Personal Information is a subtype of Personal Information consisting of the specific information categories listed in the chart below. The chart below identifies which sensitive Personal Information categories, if any, we have collected from consumers to infer characteristics about them in the last 12 months. We process the same Sensitive Personal Information than the ones mentioned in the Privacy and concern the following categories of Sensitive Personal Information :

• Complete account access credentials, such as usernames, account logins, account numbers, or card numbers combined with required access/security code or password;
• Precise geolocation, such as physical store visits or physical locations when visiting websites or using mobile apps;
• Unique identifying biometric information;
• Health information;
• Sex life. Record Retention. We may retain your personal information for as long as necessary to fulfill the purpose(s) for which it was collected, to comply with legal or regulatory requirements and in accordance with the retention periods mentioned in the Privacy.

Personal Information Collection, Use, and Disclosure Purposes. We may use and disclose the Personal Information including Sensitive Personal Information we collect for the same purposes as the ones mentioned in the Policy.

We may disclose the Personal Information we collect to third parties for the business purposes described in the Policy and in the table below, such as to engage third parties to support our business functions. We only make business purpose disclosures under written contracts that describe the purposes, require the recipient to keep the Personal Information confidential, prohibit using the disclosed information for any purpose except performing the contract, and meet the CCPA's other contract requirements for engaging service providers or contractors.

The categories of entities to whom we have disclosed our consumers' Personal Information for a business purpose over the preceding 12 months, along with the Personal Information categories disclosed and the disclosure's business purposes are the following :

• Order fulfillment and shipping providers to deliver the Products you purchased from Withings
• Customer Service Support Providers for supporting customers with using our products and services including online account management and troubleshosting.
• Advertising networks providers to deliver you marketing communications
• Cloud data storage providers to store and manage your Personal Information
• Payment Service provider to allow to buy our products and services on Withings.com website
• External healthcare providers for Cardiocheckup functionality described in the Policy
• Artificial Intelligence Systems providers to deliver you with artificial intelligence insights if you have subscribed to Withings + Service.

Selling or sharing Personal Information.

Withings does not sell your personal information for monetary or other valuable consideration to third parties, and we have not done so in the preceding the twelve (12) months.

We may share your Personal Information with third parties for cross-context behavioral advertising purposes in the preceding 12 months with our marketing partners in order to offer you ads relevant to your interests.

YOUR RIGHTS AND CHOICES.

In addition of the rights already mentioned in the Policy, the CCPA grants you the following rights regarding your Personal Information:

Personal Information Sales or Sharing Opt-Out and Opt-In Rights. You have the right to request that businesses stop sharing your Personal Information at any time (the "right to opt-out"), including through a user-enabled opt-out preference signal.

Similarly, the CCPA prohibits businesses from sharing the Personal Information of consumers it actually knows are under 16 years old without first obtaining consent from consumers who are between 13 and 15 years old or the consumer's parent or guardian for consumers under age 13 (the "right to opt-in")

We cannot share your Personal Information after we receive your request to opt-out unless you later consent to the sale or sharing of your Personal Information.

Right to Non-Discrimination. You have the right not to be discriminated or retaliated against for exercising any of your privacy rights under the CCPA.

Exercising your Rights. To exercise the right described above, please submit a verifiable request to us by either:

• Emailing us at privacy@withings.com
• Visiting our website: https://support.withings.com

Please describe your request with sufficient detail so we can properly understand, evaluate, and respond to it. You or your authorized agent may only submit a request to know, including for data portability, twice within a 12-month period.

Responding to Your Requests to Know, Delete, or Correct. We will confirm receipt of your request within ten business days. If you do not receive confirmation within the ten-day timeframe, please contact privacy@withings.com

We endeavor to substantively respond to a verifiable request within 45 days of its receipt. If we require more time (up to another 45 days), we will inform you of the reason and extension period in writing. We will deliver our written response to your verified email address or other agreed upon method. Our substantive response will tell you whether or not we have complied with your request. If We endeavor to substantively respond to a verifiable request within 45 days of its receipt. If we require more time (up to another 45 days), we will inform you of the reason and extension period in writing. We will deliver our written response to your verified email address or other agreed upon method. Our substantive response will tell you whether or not we have complied with your request. If we cannot comply with your request in whole or in part, we will explain the reason, subject to any legal or regulatory restrictions. Applicable law may allow or require us to refuse to provide you with access to some or all of the Personal Information that we hold about you, or we may have destroyed, deleted, or made your Personal Information anonymous in compliance with our record retention policies and obligations.

Any disclosures we provide will cover information for the 12-month period preceding the request's receipt date. For data portability requests, we will select a format to provide your Personal Information that is readily usable and should allow you to transmit the information from one entity to another entity without hindrance.

We do not charge a fee to process or respond to your verifiable request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

Response and Timing on Rights to Limit or Opt-Out. In response to your request to limit or opt-out, we will process your request, as soon as feasibly possible, but no later than 15 business days from the date we receive the request. We will only use Personal Information provided from your request to comply with the request. We may deny opt-out requests if we have a good-faith, reasonable, and documented belief that the request is fraudulent and will clearly explain our denial decision to the requestor.

Verification Process and Authorized Agents. Only you, or someone legally authorized to act on your behalf, may make a request to know, delete, or correct related to your Personal Information. We may request specific information from you or your authorized representative to confirm your or their identity before we can process your right to know, delete, or correct your Personal Information. We cannot respond to your request to know, delete, or correct if we cannot verify your identity or authority to make the request and confirm the Personal Information relating to you. For requests to limit or opt-out, we ask for the information necessary to complete the request, which may include, for example, the consumer's name, email address, or account username.

Contact Information. If you have any questions or comments about this policy, the ways in which we collect and use your information described here, or your choices and rights regarding such use, or wish to exercise your rights under California law, please do not hesitate to contact us at:

Website: Withings Customer Support
Email: privacy@withings.com
Postal Address:
225 Franklin Street, Suite 1250
Boston, MA 02110
Attn: Legal