ONLINE PRIVACY POLICY AGREEMENT

September 30, 2022

GoodHealth Associates PLLC values its users’ privacy. This Privacy Policy (“Policy”) will help you
understand how we collect and use personal information from those who visit our website or make use
of our online facilities and services, and what we will and will not do with the information we collect.
Our Policy has been designed and created to assure those affiliated with GoodHealth Associates PLLC of
our commitment and realization of our obligation not only to meet, but to exceed, most existing privacy
standards.

We reserve the right to make changes to this Policy at any given time. If you have not registered with us
and want to make sure that you are up to date with the latest changes, we advise you to frequently visit
this page. If you are a registered user, we will notify you via email of any changes or updates made to
this Policy. If at any point in time GoodHealth Associates PLLC decides to make use of any personally
identifiable information on file, in a manner vastly different from that which was stated when this
information was initially collected, the user or users shall be promptly notified by email. Users at that
time shall have the option as to whether to permit the use of their information in this separate manner.

This Policy applies to GoodHealth Associates PLLC, and it governs any and all data collection and usage
by us. Through the use of https://www.goodhealthprimary.com, you are therefore consenting to the
data collection procedures expressed in this Policy.

Please note that this Policy does not govern the collection and use of information by companies that
GoodHealth Associates PLLC does not control, nor by individuals not employed or managed by us. If you
visit a website that we mention or link to, be sure to review its privacy policy before providing the site
with information. It is highly recommended and suggested that you review the privacy policies and
conditions of any website you choose to use or frequent to better understand the way in which websites
garner, make use of and share the information collected.

Specifically, this Policy will inform you of the following
What personally identifiable information is collected from you through our website;
Why we collect personally identifiable information and the legal basis for such collection;
How we use the collected information and with whom it may be shared;
What choices are available to you regarding the use of your data; and

The security procedures in place to protect the misuse of your information.

Information We Collect

It is always up to you whether to disclose personally identifiable information to us, although if you elect
not to do so, we reserve the right not to register you as a user or provide you with any products or
services. This website collects various types of information, such as:
Voluntarily provided information which may include your name, address, email address, billing and/or
credit card information etc. which may be used when you purchase products and/or services and to
deliver the services you have requested. Information automatically collected when visiting our website,
which may include cookies, third party tracking technologies and server logs.

In addition, GoodHealth Associates PLLC may have the occasion to collect non-personal anonymous
demographic information, such as age, gender, household income, political affiliation, race and religion,
as well as the type of browser you are using, IP address, or type of operating system, which will assist us
in providing and maintaining superior quality service.

GoodHealth Associates PLLC may also deem it necessary, from time to time, to follow websites that our
users may frequent to gleam what types of services and products may be the most popular to customers
or the general public.

Please rest assured that this site will only collect personal information that you knowingly and willingly
provide to us by way of

surveys, completed membership forms, and emails. It is the intent of this site to use personal
information only for the purpose for which it was requested, and any additional uses specifically
provided for in this Policy.

Why We Collect Information and For How Long

We are collecting your data for several reasons:
To better understand your needs and provide you with the services you have requested;
To fulfill our legitimate interest in improving our services and products;

To send you promotional emails containing information we think you may like when we have your
consent to do so;
To contact you to fill out surveys or participate in other types of market research, when we have your
consent to do so;
To customize our website according to your online behavior and personal preferences.

The data we collect from you will be stored for no longer than necessary. The length of time we retain
said information will be determined based upon the following criteria: the length of time your personal
information remains relevant; the length of time it is reasonable to keep records to demonstrate that
we have fulfilled our duties and obligations; any limitation periods within which claims might be made;
any retention periods prescribed by law or recommended by regulators, professional bodies or
associations; the type of contract we have with you, the existence of your consent, and our legitimate
interest in keeping such information as stated in this Policy.

Use of Information Collected

GoodHealth Associates PLLC does not now, nor will it in the future, sell, rent or lease any of its customer
lists and/or names to any third parties.

GoodHealth Associates PLLC may collect and may make use of personal information to assist in the
operation of our website and to ensure delivery of the services you need and request. At times, we may
find it necessary to use personally identifiable information as a means to keep you informed of other
possible products and/or services that may be available to you from
https://www.goodhealthprimarycare.com

GoodHealth Associates PLLC may also be in contact with you with regards to completing surveys and/or
research questionnaires related to your opinion of current, potential, or future services that may be
offered.

Disclosure of Information

GoodHealth Associates PLLC may not use or disclose the information provided by you except under the
following circumstances:
as necessary to provide services or products you have ordered;

in other ways described in this Policy or to which you have otherwise consented;
in the aggregate with other information in such a way so that your identity cannot reasonably be
determined;
as required by law, or in response to a subpoena or search warrant;
to outside auditors who have agreed to keep the information confidential;
as necessary to enforce the Terms of Service on our website;
as necessary to maintain, safeguard and preserve all the rights and property of GoodHealth Associates
PLLC.

Non-Marketing Purposes

GoodHealth Associates PLLCgreatly respects your privacy. We do maintain and reserve the right to
contact you if needed for non- marketing purposes (such as bug alerts, security breaches, account
issues, and/or changes in GoodHealth Associates PLLC products and services, or changes to this Policy).
In certain circumstances, we may use our website, newspapers, or other public means to post a notice.

Children under the age of 13

GoodHealth Associates PLLC’s website is not directed to, and does not knowingly collect personal
identifiable information from, children under the age of thirteen (13). If it is determined that such
information has been inadvertently collected on anyone under the age of thirteen (13), we shall
immediately take the necessary steps to ensure that such information is deleted from our system’s
database, or in the alternative, that verifiable parental consent is obtained for the use and storage of
such information. Anyone under the age of thirteen (13) must seek and obtain parent or guardian
permission to use this website.

Unsubscribe or Opt-Out

All users and visitors to our website have the option to discontinue receiving communications from us
by way of email or newsletters. To discontinue or unsubscribe from our website please send an email
that you wish to unsubscribe to info@goodhealthtn.com. If you wish to unsubscribe or opt-out from any
third-party websites, you must go to that specific website to unsubscribe or opt-out. GoodHealth
Associates PLLC will continue to adhere to this Policy with respect to any personal information
previously collected.

Links to Other Websites

Our website does contain links to affiliate and other websites. GoodHealth Associates PLLC does not
claim nor accept responsibility for any privacy policies, practices and/or procedures of other websites.
Therefore, we encourage all users and visitors to be aware when they leave our website and to read the
privacy statements of every website that collects personally identifiable information. This Policy applies
only and solely to the information collected by our website.

Notice to European Union Users

GoodHealth Associates PLLC’s operations are located primarily in the United States. If you provide
information to us, the information will be transferred out of the European Union (EU) and sent to the
United States. (The adequacy decision on the EU-US Privacy became operational on August 1, 2016. This
framework protects the fundamental rights of anyone in the EU whose personal data is transferred to
the United States for commercial purposes. It allows the free transfer of data to companies that are
certified in the US under the Privacy Shield.) By providing personal information to us, you are consenting
to its storage and use as described in this Policy.

Your Rights as a Data Subject

Under the regulations of the General Data Protection Regulation (“GDPR”) of the EU you have certain
rights as a Data Subject. These rights are as follows:
The right to be informed: this means we must inform you of how we intend to use your personal data
and we do this through the terms of this Policy.

The right of access: this means you have the right to request access to the data we hold about you and
we must respond to those requests within one month. You can do this by sending an email to
info@goodhealthtn.com.

The right to rectification: this means that if you believe some of thedata we hold is incorrect, you have
the right to have it corrected. You can do this by logging into your account with us, or by sending us an
email with your request. You can do this by sending an email to info@goodhealthtn.com.

The right to erasure: this means you can request that the information we hold about you be deleted,
and we will comply unless we have a compelling reason not to, in which case you will be informed of the
reason. You can do this by sending an email to info@goodhealthtn.com.

The right to restrict processing: this means you can change your communication preferences or opt-out
of certain communications. You can do this by sending an email to info@goodhealthtn.com.

The right of data portability: this means you can obtain and use the data we hold for your own purposes
without explanation. If you wish to request a copy of your information, contact us at
info@goodhealthtn.com.

The right to object: this means you can file a formal objection with us regarding our use of your
information with regard to third parties, or its processing where our legal basis is our legitimate interest
in it. To do this, please send an email to info@goodhealthtn.com.
In addition to the rights above, please rest assured that we will always aim to encrypt and anonymize
your personal information whenever possible. We also have protocols in place in the unlikely event that
we suffer a data breach and we will contact you if your personal information is ever at risk. For more
details regarding our security protections see the section below or visit our website at
https://www.goodhealthprimarycare.com.

Security

GoodHealth Associates PLLC takes precautions to protect your information. When you submit sensitive
information via the website, your information is protected both online and offline. Wherever we collect
sensitive information (e.g. credit card information), that information is encrypted and transmitted to us
in a secure way. You can verify this by looking for a lock icon in the address bar and looking for “https” at
the beginning of the address of the webpage.

While we use encryption to protect sensitive information transmitted online, we also protect your
information offline. Only employees who need the information to perform a specific job (for example,
billing or customer service) are granted access to personally identifiable information. The computers and
servers in which we store personally identifiable information are kept in a secure environment. This is all
done to prevent any loss, misuse, unauthorized access, disclosure or modification of the user’s personal
information under our control.

The Company also uses Secure Socket Layer (SSL) for authentication and private communications to
build users’ trust and confidence in the internet and website use by providing simple and secure access
and communication of credit card and personal information.

Acceptance of Terms

By using this website, you are hereby accepting the terms and conditions stipulated within this Privacy
Policy Agreement. If you are not in agreement with our terms and conditions, then you should refrain
from further use of our sites. In addition, your continued use of our website following proper
notification or the posting of any updates or changes to our terms and conditions, shall mean that you
agree and accept such changes.

How to Contact Us

If you have any questions or concerns regarding this Privacy Policy as it relates to our website, please
feel free to contact us at the following email, telephone number or mailing address:

Email: info@goodhealthtn.com Telephone Number: 615-904-8911 Mailing Address:
GoodHealth Associates PLLC
625 N Highland Ave, Murfreesboro, Tennessee
37130

The data controller responsible for your personal information for the purposes of GDPR compliance is:
Dr Reita Aggarwal info@goodhealthtn.com

GDPR Disclosure:
If you answered “yes” to the question Does your website comply with the General Data Protection
Regulation (“GDPR”)? then the Privacy Policy above includes language that is meant to account for such
compliance. Nevertheless, in order to be fully compliant with GDPR regulations your company must
fulfill other requirements such as: (i) doing an assessment of data processing activities to improve
security; (ii) have a data processing agreement with any third party vendors; (iii) appoint a data
protection officer for the company to monitor GDPR compliance; (iv) designate a representative based
in the EU under certain circumstances; and (v) have a protocol in place to handle a potential data
breach. For more details on how to make sure your company is fully compliant with GDPR, please visit

the official website at https://gdpr.eu. FormSwift and its subsidiaries are in no way responsible for
determining whether or not your company is in fact compliant with GDPR and takes no responsibility for
the use you make of this Privacy Policy or for any potential liability your company may face in relation to
any GDPR compliance issues.

COPPA Compliance Disclosure:

This Privacy Policy presumes that your website is not directed at children under the age of 13 and does
not knowingly collect personal identifiable information from them or allow others to do the same
through your site. If this is not true for your website or online service and you do collect such
information (or allow others to do so), please be aware that you must be compliant with all COPPA
regulations and guidelines in order to avoid violations which could lead to law enforcement actions,
including civil penalties.

In order to be fully compliant with COPPA your website or online service must fulfill other requirements
such as: (i) posting a privacy policy which describes not only your practices, but also the practices of any
others collecting personal information on your site or service — for example, plug-ins or ad networks;
(ii) include a prominent link to your privacy policy anywhere you collect personal information from
children; (iii) include a description of parental rights (e.g. that you won’t require a child to disclose more
information than is reasonably necessary, that they can review their child’s personal information, direct
you to delete it, and refuse to allow any further collection or use of the child’s information, and the
procedures to exercise their rights); (iv) give parents “direct notice” of your information practices before
collecting information from their children; and (v) obtain the parents’ “verifiable consent” before
collecting, using or disclosing personal information from a child. For more information on the definition
of these terms and how to make sure your website or online service is fully compliant with COPPA
please visit https://www.ftc.gov/tips-advice/business-center/guidance/childrens-online-privacy-
protection-rule-six-step- compliance. FormSwift and its subsidiaries are in no way responsible for
determining whether or not your company is in fact compliant with COPPA and takes no responsibility
for the use you make of this Privacy Policy or for any potential liability your company may face in
relation to any COPPA compliance issues.

California Consumer Privacy Act (“CCPA”) Compliance Disclosure : The CCPA is a collection of privacy
laws enacted by the California legislature which is meant to protect Californians’ personal data from
being sold or used without their consent. The requirements of the CCPA apply to, among others,
businesses that (i) have a gross annual revenue of at least $25 million dollars; or (ii) buys, receives, or
sells personal information of 50,000 or more Californian consumers, households or devices; or (iii)
derives 50% or more of its revenue from the sale of personal information. If your business meets these
requirements or is otherwise based out of California, you must comply with the requirements of the
CCPA or risk facing fines, sanctions and civil penalties. For more information about CCPA and its

requirements please visit https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?
bill_id=201720180AB375. Please note that t he CCPA is scheduled to be updated by January 2023 with
new requirements and definitions so please be sure to check those regulations periodically to make sure
your Privacy Policy is up to date. FormSwift and its subsidiaries are in no way responsible for
determining whether or not your company is in fact compliant with the CCPA or any other privacy
regulations, and takes no responsibility for the use you make of this Privacy Policy or for any potential
liability your company may face in relation to any compliance issues.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Our Contacts