Consumer Privacy Policy – NoHo Integrated Care Clinic

Consumer Privacy Notice

Last updated August 2025

Swinerton Incorporated and its subsidiaries and affiliated companies (“Company”) takes your privacy seriously. We want you to know how we collect, use, disclose, and retain your personal information.

Assistance for the Disabled

Alternative formats of this Privacy Policy are available to individuals with a disability. Please contact DSR@swinerton.com for assistance.

This Privacy Policy Explains

What categories of personal information we collect
The categories of sources from which we collect this personal information
The purposes for which we use your personal information
How we may disclose your personal information
How we protect the personal data we collect
How long we keep your personal information
Additional Information for California residents
Changes to this Privacy Policy

CHILDREN’S ONLINE PRIVACY PROTECTION ACT COMPLIANCE

We do not collect information from anyone under 13 years of age. The products and/or services we provide, together with our Site, are all directed to individuals who are at least 13 years old. If you are under the age of 13, you are not authorized to use our services or the Site.

Scope

This Privacy Policy applies to the personal information of individuals (“you”, “your”, or “yours”) collected by Company, including the personal information collected when you visit our website as it may be modified, relocated and/or redirected from time to time (the “Site”). This Privacy Policy does not apply to the personal information of individuals in their capacity as prospective, current, or former employees, contract workers, board members, or owners of the Company or their emergency contacts, dependents, or beneficiaries. For individuals whom this policy does not apply to, please contact DSR@swinerton.com to request our policy which does apply.

“Personal information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household.

“Other Web Sites” and “Third Party Sites”: The Site may contain links to other web sites not operated or controlled by us. The policies and procedures we describe here do not apply to Third Party Sites. The links from the Site do not imply that we endorse or have reviewed the Third-Party Sites. We suggest contacting those sites directly for information on their privacy policies.

1. WHAT CATEGORIES OF PERSONAL INFORMATION WE COLLECT

Identifiers, real names; and e-mail addresses.
Internet or Other Electronic Network Activity Information, information about your usage of the Site, such as the pages you viewed, the services and features you used or interacted with; your browser type and details about any links or communications with which you interacted; internet protocol (IP); browser plug-in types and versions; and operating systems and platform.
Professional Information, Business contact information and company name.
Commercial Information, records of products or services purchased and purchasing or consuming histories.
Financial Information, payment card details and billing address
User Content, includes content you submit when you contact customer service or otherwise contact Company.

Do We Use Cookies?

Yes. Cookies are small files that the Site or our service provider transfers to your computer’s hard drive through your Web browser that enables the Site’s or service provider’s systems to recognize your browser and capture and remember certain information. We use cookies to help understand how users use the Site. For example, cookies gather information about how long you spend on a web page so that we can understand what web pages are of most interest to users.

If you prefer, you can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off cookies by adjusting your browser settings. If you turn off your cookies, some of the features on the Site may not function properly. You can opt out of cookies or change your cookie preference at any time by clicking on the button in the footer.

Google Analytics

We use cookies provided by Google Analytics, a third-party service provider, to assist us in better understanding our Site visitors. These cookies collect data tied to a user’s IP address, such as the length of time a user spends on a page, the pages a user visits, and the websites a user visits before and after visiting the Site. Based on this information, Google Analytics compiles aggregate data about Site traffic and Site interactions, which we use to offer better Site experiences and tools in the future. For more information on Google Analytics, visit

https://support.google.com/analytics.

Tracking Across Time and Different Sites

The Site does not track your online activities over time and across websites or online services on an individually identifiable basis. We do not allow third parties to use our Site to track your activities over time or across other websites.

Do Not Track Setting

The Site currently does not respond to web browser “do not track” (DNT) signals or other mechanisms that indicate your preference for having information collected over time and across different web sites following your visit to our Site. DNT is a preference you can set in your browser’s settings to let the website you visit, including the Site, know that you do not want the websites collecting your personal information. You can also visit https://allaboutdnt.com/ to learn more.

2. THE CATEGORIES OF SOURCES FROM WHICH WE COLLECT YOUR PERSONAL INFORMATION

You, for example, when you register with our Site, subscribe to online services, when you contact us, or when you otherwise provide information directly to us.
Service providers, for example, analytics providers, IT, and system administration services.
Affiliated companies, for example, so that we can assist other companies in the Swinerton Family of Companies in providing you with products or services.
Automated technologies, for example, browsing activity collected by automated technologies on the Site.
Third parties, for example, lawyers, bankers, auditors, and insurers who provide consultancy, banking, legal, insurance, and accounting services.
Public sources, for example, public databases.
Marketing/advertising companies, for example, from social media platforms, consumer research companies, and analytics or marketing/advertising companies.
Surveillance/recording technologies installed by Company, for example, video surveillance in common areas of Company facilities, voicemail technologies, and audio recording technologies with consent to the extent required by law.
Government or administrative agencies, for example, law enforcement, public health officials, and other government authorities.
Acquired entity, if Company acquired another entity, Company might collect personal information from that entity.

3. THE PURPOSES FOR WHICH WE USE YOUR PERSONAL INFORMATION

We use the categories of personal information we collect for one or more of the purposes below:

Providing Products and Services, including:

To deliver our products and administer our services.
To communicate with you.
To improve our products and services, develop new products and services, and conduct research on further improvements.
To enhance your experience using our products and services and to personalize your online experience.

Support and Marketing, including:

For customer support.
To respond to any requests, queries, suggestions, feedback, or comments you may have.
To send you marketing information about our products and services, including notifying you of marketing events, membership and rewards programs, and promotions, with your consent in accordance with applicable law.
To inform you of any changes to the services, your account (if applicable), this Privacy Policy, or any other policies or terms in relation thereto.
To perform operations to maintain the services, including to conduct data analysis, testing, and research; and to monitor and analyze usage and activity trends.

Analytics and Personalization

To conduct research and analytics, including improving our services offerings.
To understand how you interact with our website and communications with you. queries, suggestions, feedback, or comments you may have.

Monitoring, Security, and Compliance, including:

To administer and protect our business and our Site (including troubleshooting, analysis, testing, system maintenance, support, reporting and hosting of data, and preventing fraud and abuse).
To store, host, or backup (whether for disaster recovery or otherwise) our services or any data contained therein.
To protect the rights, property, or safety of Company, you, or others.
In connection with a corporate transaction, sale, or assignment of assets, merger, divestiture, or other changes of control or financial status of Company or any of its subsidiaries or affiliates.
To report suspected criminal conduct to law enforcement and cooperate in investigations.
To exercise Company’s rights under applicable law and to support any claim, defense, or declaration in a case or before a jurisdictional and/or administrative authority, arbitration, or mediation panel.
To ensure compliance with applicable laws and regulatory obligations.

Incidental Purposes:Any incidental purposes related to, or in connection with, the above.

4. HOW WE MAY DISCLOSE YOUR PERSONAL INFORMATION

Company discloses personal information as necessary for the purposes described in Section 3 above to the following categories of external
recipients:

Service providers and contractors: Company discloses your personal information to service providers and contractors for
the purposes above to assist us in meeting our business needs and contractual and legal obligations.
Affiliated companies: Other companies within the
Swinerton Family of Companies, for example, to provide you with our products and services.
Third parties: For example, we might disclose personal information to lawyers to assist us with legal compliance or to business partners to assist us in providing services to you.
Government or administrative agencies: For example, Company may report unlawful activity to law enforcement.
Required Disclosures: We may be required to disclose personal information in a court proceeding, in response to a court order, subpoena, civil discovery request, other legal process, or as otherwise required by law.
Legal Compliance and Protections: We may disclose personal information when we believe disclosure is necessary to comply with the law or to protect the rights, property, or safety of Company, our users, or others.
Corporate Transactions: We reserve the right to disclose and transfer your personal information, including your personal information:
- To a subsequent owner or co-owner.
- In connection with a corporate merger, consolidation, bankruptcy, the sale of substantially all of our membership interests and/or assets or other corporate change, including to any prospective purchasers.

5. HOW WE PROTECT THE PERSONAL DATA WE COLLECT

The security and confidentiality of your personal data is important to us. We have technical, administrative, and physical security measures in place to protect your personal data from unauthorized access or disclosure and improper use.

For example, we use Transport Security Layer (TSL) encryption to protect the data collection forms on our Site. In addition, we restrict access to your personal data. Only employees who need the personal data to perform a specific job (for example, a customer service representative) are granted access to personal data. Employees with access to personal data are kept up-to-date on our security and privacy practices.

It is important for you to protect against unauthorized access to your password and to your computer. Be sure to close your browser after you have completed your visit to the Site.

Please note that despite our reasonable efforts, no security measure is ever perfect or impenetrable, so we cannot guarantee the security of your personal data.

6. HOW LONG WE KEEP YOUR PERSONAL INFORMATION

Company will retain your personal information only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain your personal information for the duration of any applicable statutory retention period and as necessary to resolve disputes and enforce our legal
rights.

7. ADDITIONAL INFORMATION FOR CALIFORNIA RESIDENTS

A. Notice at Collection for California Residents:

Company collects the personal information identified in Section 1 for the purposes identified in Section 3 and retains it for the period described in Section 6.

B. Information About Disclosures of Personal Information

1. Disclosures for Business Purposes

Company has disclosed each of the categories of personal information listed in Section 1, above, for the following “business purposes”, as that term is
defined under the California Privacy Rights Act (“CPRA”), in the last 12 months:

Service providers: For the business purpose of performing services on the Company’s behalf and, in particular, for the specific purposes described in Section 3, above.
Auditors, lawyers, consultants, and accountants engaged by Company: For the business purpose of auditing compliance with policies and applicable laws, in addition to performing services on Company’s behalf.
Affiliated companies: To other companies within the Swinerton Family of Companies for the business purposes of (1) auditing compliance with policies and applicable laws, (2) helping to ensure security and integrity, (3) debugging, (4) short-term transient use, (5) performing services on behalf of Company, (6) internal research, and (7) activities to maintain or improve the quality or safety of a service or device.

2. Sales and Sharing

Sales of Personal Information

Company discloses personal information to third parties for analytical, marketing, and advertising services as follows:

Categories of Personal Information	Categories of Third-Party Recipients
Internet Activity Information	Analytics Providers – to better understand our website visitors

Sharing of Personal Information

Company “shares” personal information with third parties as follows in order to provide you with information about products and services that may be of interest to you:

Categories of Personal Information	Categories of Third-Party Recipients
Internet Activity Information	Analytics Providers – to better understand our website visitors

3. Aggregated and Deidentified Information

We may aggregate and/or deidentify information, use it internally, and disclose to third parties. Neither Aggregated Information nor Deidentified
Information (defined below) is personal information.

“Aggregated Information” refers to information about a group of individuals from which the individually identifiable information has been removed. An example of Aggregated Information would be the statistic that 20 people used our website’s contact form on a given day.

“Deidentified Information” means information subjected to reasonable measures to ensure that the deidentified information cannot be associated with the individual. An example of Deidentified Information would be the data point that an unidentified visitor first entered the Site through our main web page.
We maintain Deidentified Information in a deidentified form and do not attempt to reidentify it, except that we may attempt to reidentify the information just to determine whether our deidentification processes function correctly.

4. Disclosures for Direct Marketing Purposes

California consumers who use the services may request that we provide certain information regarding our disclosure of your personal information to third parties for their direct marketing purposes. You can make such a request by e-mail to DSR@swinerton.com.

C. Your California Privacy Rights

Subject to applicable law, California resident individuals have the
following rights:

Right to Know: You have the right to submit a verifiable request for specific pieces of your personal information obtained from you and for information about the Company’s collection, use, and disclosure of your personal information. Please note that the CPRA’s right to obtain “specific pieces” does not grant a right to the whole of any document that contains personal information, but only to copies of items of personal information.
Moreover, California residents generally just have a right to know categories, for example, categories of third parties to which personal information is disclosed, but not the individual third parties.
Right to Delete: You have the right to submit a verifiable request for the deletion of personal information that you have provided to the Company.
Right to Correct: You have the right to submit a verifiable request for the correction of inaccurate personal information maintained by the Company, considering the nature of the personal information and the purposes of processing the personal information.
Right to Opt-Out of Sale and Sharing: You have the right to opt-out of the sale of your personal information and the disclosure of your personal information for cross-context behavioral advertising.

Note on Sensitive Personal Information: Company does not infer characteristics from sensitive personal information. Company only uses sensitive personal information as necessary to perform the services or provide the goods the average person would reasonably expect when requesting those goods or services, to ensure security and integrity, short-term transient use, to maintain the quality of our products and services, or for other purposes permitted by the California Privacy Rights Act and implementing regulations (“CPRA”) without the right to opt-out.

D. How to Exercise Your Rights

The company will respond to requests to know, delete, and correct in accordance with applicable law if it can verify the identity of the individual submitting the request. You can exercise these rights in the following ways:

Call (844) 383-8173
Email DSR@swinerton.com

To opt-out of the disclosure of your personal information for purposes of cross-context behavioral advertising or the sale of your personal information, click here: https://www.swinerton.com/cookie-declaration.

E. How We Will Verify Your Request

If you submit a request through an adequately secure password-protected account that you created before the date of your request, we will use the authentication mechanisms in the account to verify your identity. Otherwise, we match personal information that you provide us against personal information we maintain in our files. The more risk entailed by the request (e.g., a request for specific pieces of personal information), the more items of personal information we may request to verify your identity. If we cannot verify your identity to a sufficient level of certainty to respond securely to your request, we will let you know promptly and explain why we cannot verify your identity.

F. Authorized Agents

You may designate an authorized agent to exercise your right to know, to correct, or to delete. If an authorized agent submits a request on your behalf, the authorized agent must submit with the request another document signed by you that authorizes the authorized agent to submit the request on your behalf. In addition, we may ask you or your authorized agent to follow the applicable process described above for verifying your identity. You can obtain the “Authorized Agent Designation” form by contacting us at DSR@swinerton.com.