Headway Biometric Data Policy

Purpose and Scope

Therapymatch, Inc. d/b/a Headway, ("Headway") may collect, store, use, and disclose Biometric Data (as defined below) for identity verification purposes. To the extent that Headway or its service providers collect Biometric Data, this Biometric Data Policy (the "Policy") sets forth Headway's policy for the collection, use, safeguarding, storage, retention and destruction of Biometric Data.

Definitions

"Biometric Identifier" means a retina or iris scan, fingerprint, voiceprint, scan of hand, a facial map, facial template, or face geometry or any other unique biological, physical, or behavioral patterns or characteristics. Biometric Identifiers generally do not include writing samples, written signatures, photographs, human biological samples used for valid scientific testing or screening, demographic data, tattoo descriptions, or physical descriptions such as height, weight, hair color, or eye color. Biometric Identifiers also do not include information collected, used, or stored for health care treatment, payment, or operations under the federal Health Insurance Portability and Accountability Act of 1996.

"Biometric Information" means any information, regardless of how it is captured, converted, stored, or shared, based on an individual's Biometric Identifiers, singly or in combination with other personal information, used or intended to be used to identify any individual. Biometric Information does not include information derived from items or procedures excluded under the definition of Biometric Identifiers.

"Biometric Data" means both or either of Biometric Identifier or Biometric Information.

Purpose for Collection of Biometric Data

Headway and its service providers may process Biometric Data about health care providers and patients ("Users") to verify identity (the "Purpose").

Authorization

When processing Biometric Data, Headway will:

1. Inform each User in writing that Headway and/or its service providers may be collecting, processing, storing or using the User's Biometric Data;
2. Inform each User in writing of the specific purpose, circumstances and manner of such collection, processing, storage or usage, including the length of time of storage, if applicable;
3. Inform each User in writing of the manner in which the User may opt out of the collection, processing, storage or usage of their Biometric Data; and
4. If the User consents to the collection, processing, storage or usage of their Biometric Data, receive a written release signed by the User authorizing Headway and its service providers to collect, store and use Biometric Data for the specific reasons set forth in the written release.

Disclosure

Headway will not disclose, re-disclose or otherwise disseminate any Biometric Data unless:

1. The User consents to the disclosure or dissemination;
2. Disclosure or re-disclosure completes a financial transaction requested or authorized by the User;
3. Disclosure or re-disclosure is required by state or federal law or municipal ordinance; or
4. Disclosure is required pursuant to a valid warrant or subpoena issued by a court of competent jurisdiction.

Headway will not knowingly sell, lease, trade, or otherwise profit from a User's Biometric Data.

Retention Schedule

Headway will retain a User's Biometric Data until the first of the following options occurs:

1. The Purpose for collecting or obtaining the Biometric Data has been satisfied, such as Headway is no longer using Biometric Data for the purposes described above;
2. Within one year of the User's last interaction with Headway; or
3. The earliest reasonably feasible date, which date shall be not more than forty-five (45) days after Headway determines that storage of the Biometric Data is no longer necessary.

Data Storage and Security

To the extent Headway collects, stores and retains Biometric Data, it shall maintain reasonable physical, administrative and technical safeguards to store, transmit, and protect from disclosure any such Biometric Data collected, stored or retained. Such storage, transmission, and protection from disclosure shall be performed in a manner that is the same or more protective than the manner Headway transmits, stores, and protects from disclosure other confidential and sensitive information.

Headway maintains an incident response plan designed to detect, respond to and recover from security incidents that may impact personal information, including Biometric Data. In the event a security incident at Headway or one of its service providers adversely impacts your Biometric Data, we will, to the extent required by applicable law, provide you with notice.