Effective Date: June 17, 2021

At Lilium Diagnostics Inc., we value the privacy of our clients. This policy explains how and for what purpose we collect, use, and share your personal information when you use the services offered by Lilium Diagnostics Inc. (collectively “Lilium”, “we”, “us” or “our”).

‍

1. SCOPE AND APPLICATION

This policy applies to personal information collected by Lilium, regardless of the means by which it is collected, for example, in person at our points of service and clinics, by telephone, or via the website or mobile application on which this policy is posted.

In this policy, we describe what personal information we collect, how we use, share, and manage it, how you can access, update, or correct your personal information, and the choices you have regarding your privacy.

In some cases, at the time of collection of your personal information, we may provide you with additional information regarding the processing of your personal information. We may also, in certain circumstances, obtain your specific consent to use or share your personal information.

• What Does the Privacy Policy Include?

This policy describes how we handle your personal information, specifically, what information we collect and how we collect, use, share, protect and store it. In addition, we explain what your privacy choices are and how you can exercise those choices.

• When Does the Privacy Policy Apply?

This policy applies to you in all situations where you interact with Lilium and where we collect information about you. For example, this may occur when you use our services, including when you take a sample at a point of service, when you visit our Website, or when you communicate with us by any means.

Please note that specific notices or additional terms and conditions may apply to the processing of your personal information. These additional notices or terms and conditions apply in addition to this policy. For example, in certain cases, Lilium will ask you to fill out a consent form for your personal information to be transferred to a third party, for example when you want us to transmit your test results to your employer.

2. WHAT PERSONAL INFORMATION DO WE COLLECT AND HOW DO WE COLLECT IT?

We collect only the personal information reasonably required to provide and manage our services and business operations. We collect your personal information in a variety of ways. We collect it, for example, directly from you, from third parties, when you visit our Website, or through medical equipment you use in the course of the care we provide to you.

• Definition of “Personal Information”

“Personal Information” means any information that identifies you or could reasonably be associated with you. The personal information we collect may include, but is not limited to, the following:

• Identity and contact information, such as first and last name, date of birth, residential address, telephone number, email address, gender, height and weight, and health insurance number.
• Health-related information, such as all or part of your medical file, a medical certificate with or without a diagnosis, the fact that you consulted a physician or other health professional, the date of the consultation, your list of medications, prescriptions issued, and information related to your genetic profile.
• Information on specific products and services that you have purchased from Lilium, including in our online stores.
• Payment information (such as credit card information) if you make a purchase on our Website.
• Information collected automatically when you visit our Website.

Information that is aggregated and/or anonymized, and cannot be associated with an identifiable individual, is not considered personal information.

• How We Collect Your Personal Information

We generally collect personal information as follows:

Directly From You

You may provide us with personal information directly, for example, in person at our points of service and clinics, during a teleconsultation, by mail, email, telephone, fax, or through our Website or app.

For example:

• When you come to a point of service for a diagnostic test, we collect your personal information necessary to perform the required service and to communicate the results, if applicable. We also collect your health information resulting from the test that was performed.
• When you participate in a teleconsultation with a health practitioner, we collect personal information necessary to provide the required service. Use of a telemedicine platform is subject to the relevant provider’s privacy policy, and you will be asked to consent before the recording of any teleconsultation.
• When you contact us by phone to make an appointment, we collect the personal information necessary to complete the appointment booking process.
• We may record calls to our customer service centre for quality control purposes. In this case, we will inform you at the beginning of the call.
• When you purchase a Lilium testing kit, we collect relevant information to ascertain that you are the designated test taker before providing you with this product.
• When you use a chat service on our Website to discuss with a Lilium representative.

Other Sources

Occasionally, we may receive personal information from other sources. In these cases, we only receive it with your consent or as required or permitted by law (for example, to meet our regulatory obligations).

For example:

• If you are required to undergo a diagnostic test for your workplace, your employer may provide us with information about you.

From the Medical Equipment You Use

In some cases, we may receive personal information through your medical equipment, with your consent.

For example:

• When you provide a sample for diagnostic testing, we have access to the data captured by the test, with your consent.

Through Our Website

We may collect certain types of information electronically through your contact with our Website using technologies (either our own or third party technologies) such as cookies and web beacons.

We use the information collected to adapt our Website to the preferences of the user concerned, to compile statistics about the consultation and use of our Website and our electronic communications (such as our newsletters) in order to improve them, and to present you with Lilium advertisements with the help of our partners.

For example:

• We may use your geographic location to determine the language in which our Website is displayed when you visit it.
• Subject to applicable laws, we may use the pages you visit on our Website to present you with personalised advertisements on our partners’ websites.

The technologies we employ include, but are not limited to, the following:

• Cookies, which are small text files that are stored on your computer when you visit a website so that information can be saved between visits, such as your login credentials or language preferences. Thus, cookies allow you to log in quickly when you visit our sites.
• Web beacons, which are small image files containing information about you, such as your IP address, that can be downloaded when you visit a website or open an email. This allows us to understand your online behaviour, monitor our email delivery, and provide you with interest-based advertising. These tools also allow our third-party tracking tools to gather information, such as your IP address, and provide this back to us in an anonymized, aggregate form (i.e., in a manner that prevents us from identifying you personally). Aggregate information refers to personal information compiled and expressed in a summary form where no personal identifiers are included.

We use Google Analytics and HotJar, which are services that use cookies to analyze your use of our Website, generate reports for us on the activities of visitors to our Website, and provide other services related to the use of the Website and the Internet. This information is not transmitted to us in a form that can identify you.

You can remove or disable some of these technologies at any time through your browser. However, if you do so, you may not be able to use certain features of our Website. To learn more about the privacy choices available to you, please visit How Do I Change My Privacy Choices?

3. HOW DO WE USE PERSONAL INFORMATION?

We use your personal information to provide you with our services, to manage our business operations, to communicate offers and information that we believe will be of interest to you, to enhance your overall client experience, and for other purposes permitted or required by law.

In particular, we use your personal information for the following purposes:

a. To Offer You Our Services

We use your personal information to provide you with our services and, more specifically, for the following purposes:

• Verifying your identity. For example: if you contact us for information about your health record, we will ask you for information to confirm your identity.
• Providing our services to our patients and clients, including our corporate clients. For example: to carry out analyses of samples you have submitted to us.
• Enabling you to shop for products online or in person. For example: you can buy equipment on our online shop.
• Administering your file, including your online portal, to better meet your needs. For example: we maintain a file of your diagnostic tests in order to better meet your needs, offer quality client service, and better understand our clients and their needs.
• Answering your requests and questions. For example: you can contact us by phone about our services, to obtain information about your file or to make an appointment.

b. Managing Our Business Operations

We use your personal information for several reasons in connection with our business operations, which include:

• Deploying and managing our information technology applications and systems. For example: when necessary to ensure the security of our networks.
• Managing and facilitating the use of our Website. For example: by means of cookies or other similar technologies.
• Enabling your participation in surveys or, if applicable, contests, promotions, polls, chats, seminars, or workshops. For example: we can send you a satisfaction survey after an appointment.
• Ensuring the safety of the public, our clients, employees, and property. For example: when necessary to ensure safety in a clinic.
• Protecting ourselves and other organizations from error and fraud. For example: we may verify the personal information of our clients in the context of compliance audits.
• Monitoring and investigating incidents and managing claims. For example: we may use our clients’ personal information when necessary, in connection with a claim.
• Meeting our legal and regulatory obligations. For example: we may need to use our clients’ personal information to provide reports to government authorities.

c. Our Communications With You

We use your personal information to communicate with you in the following ways:

• Sending you our newsletter (subject to your right to unsubscribe).
• Informing you in a variety of ways (for example, by email, telephone, text message or direct mail) about our programs, products, services, special offers, promotions, contests, or events that may be of interest to you (subject to your right to unsubscribe). For example: we may send you information about new offerings available through our diagnostics labs.
• Providing you with personalized advertising for our products or services, if we believe they may be of interest to you.

If you no longer wish to receive our commercial electronic messages, please follow the unsubscribe procedure included in each of these messages. For more information on this topic, see How Do I Change My Privacy Choices?

d. Data Analysis and Research

We may use your personal information to conduct data analysis and research to improve or develop health-related products and services, programs, promotions, contests, or events, and to better understand our clients. In such cases, we will generally aggregate and/or anonymize your personal information so that it no longer includes information from which you can be identified.

For example, we may conduct data analysis and research for the following purposes at any time, in accordance with applicable laws:

• Determining the effectiveness of a test and finding ways to improve it or developing tools to improve diagnosis or imaging reading.
• Conducting health research.
• Improving the performance of our Website and developing content that better meets the interests of our visitors.
• Measuring the effectiveness of our marketing and developing campaigns that meet the needs of our clients.
• Developing new health products and services that meet the needs of our clients.
• Conducting data analysis and research and development to develop new tools such as algorithms or reports.

4. HOW DO WE SHARE YOUR PERSONAL INFORMATION?

We may share your personal information between Lilium entities or to our service providers (companies that carry out activities on our behalf) and other third parties (with your consent or when otherwise permitted by law) for the purposes described in this policy and in accordance with applicable law (for example, under the Act Respecting the Sharing of Certain Health Information). We do not sell your personal information, other than in the event of a sale or transfer of part of our business.

Lilium entities may share personal information among themselves and use it for the purposes described in this policy. This allows each Lilium entity to comply with applicable laws, regulations, and requirements, and it ensures that your information is consistent, accurate, and up to date. In addition, it increases the quality and relevance of the services you receive and improves your interactions with Lilium through easier access to your information within the group. In addition, we may share aggregated and/or anonymized information to third parties (including government, pharmaceutical companies, physicians, nutritionists, pharmacists, drug manufacturers, and others involved in health care or the medical field).

We do not share your personal information with any person or company outside our group of companies except as set out below:

a. Service Providers

We may share personal information with our service providers. These service providers assist us in providing our services, conducting our business operations, operating our technology systems, applications, and infrastructure, and implementing our internal procedures and our advertising and marketing strategy. For example, they provide us with services such as data hosting, email deployment, marketing, sales, and personal information processing or analysis. We may also outsource certain services we provide to our clients to third parties, including laboratories and healthcare professionals.

For example:

• Our patient records may be hosted with an Electronic Medical Record (EMR) provider.
• We may use an email service provider to send you our newsletter.
• We may use the chat platform of a service provider to offer you a service allowing you to chat live with a Lilium representative.
• We may use a service provider’s telemedicine platform to offer teleconsultation with a healthcare professional.
• We may use third-party online payment platforms to process purchases on our Website.

By using Lilium’s services, you consent to having your personal information transit through the systems of suppliers that allow us to interact with various electronic medical records (EMRs).

b. Sale or Transfer of Our Business or Other Transaction

We may decide to sell or transfer all or part of our business to a third party, merge with another entity, secure our assets or proceed with any other financing or other strategic capital transaction (including insolvency or bankruptcy proceedings), restructuring, share sale, or other change in corporate control. You consent to the sharing of your personal information when required for the purposes of such a transaction.

c. Other Permitted Reasons

The law permits or requires the collection, use, or sharing of personal information without consent in specified circumstances (for example, to investigate or prevent suspected or actual illegal activities, including fraud, or to assist government and law enforcement agencies). These circumstances include where it is permitted or required by law and where it is necessary to do so to protect ourselves or to protect our employees, customers, or others. In such circumstances, we will not share more personal information than is reasonably required to fulfill that particular purpose.

If you use our services, please note that under the Act Respecting the Sharing of Certain Health Information, Lilium may be required to share your health information to authorized persons using the Massachusetts Health Record. By using our services, you consent to such communications.

d. With Your Consent

In addition to the purposes identified above, we may, with your express or implied consent and subject to applicable law, communicate or share your personal information to persons or entities outside our group of companies.

For example:

• With your consent or at your express request, we may share your information with your insurer, employer, or treating physician, among others.

5. HOW DO I GIVE OR WITHDRAW MY CONSENT?

By using our services and visiting our Website, you consent to the collection, use, and sharing of your personal information as described in this policy. In some cases, your consent may be “implied”, meaning that your permission is deemed to be given based on your action or inaction at the time of collection, use, or sharing of your personal information.

Generally, we will seek your consent when we wish to use your personal information for a new purpose or for a purpose other than those identified in this policy or otherwise at the time of collection, for example, in a specific consent form or in the terms and conditions of a service to which you subscribe.

You may withdraw your consent at any time, except in limited circumstances, including where we are bound by legal or regulatory requirements or you have contractual obligations with us. More information on how to manage your privacy preferences can be found at How Do I Change My Privacy Choices?

If you choose not to provide us with certain personal information or if you withdraw your consent, where it is possible to withdraw consent, we may not be able to provide our services to you.

6. HOW DO I CHANGE MY PRIVACY CHOICES?

You have choices about the way Lilium handles your personal information. You can always withdraw your consent for your personal information to be used for purposes other than those that are absolutely necessary for the provision of our services, without this having any consequences on the services you receive from Lilium.

For example

• You can always refuse to receive advertising communications from Lilium.

You have different options to make your choices:

a. Within Your MyLilium Account

If you have a MyLilium account, you can update your communication preferences.

b. When You Register or by Contacting Us Directly

You can always choose not to receive marketing messages from Lilium by email by clicking on “unsubscribe” in any email you receive.

Please note that even if you have indicated your choice not to receive commercial messages from us, we may still communicate with you in connection with a service, in accordance with applicable law (for example, to send you a customer service message, important product information, service notification or recall). In addition, it may take up to 10 business days to register a change of preference in all of our records.

c. Changing Your Browser Settings on Your Device

We use technology to enhance your client experience and present you with offers, including personalised advertising. Through technologies such as cookies, our Website recognizes you when you use or return to them and can provide you with a seamless experience. You can remove or disable some of these technologies at any time through your browser. However, if you do so, you may not be able to use some of the features of our Website.

Please refer to your browser instructions or help screen to learn how to block, delete, and manage cookies on your computer or mobile device. You can also use the quick links below, depending on the type of browser that you are using: Internet Explorer, Google Chrome, Firefox, and Safari.

d. Using Third Party Unsubscribe Functionality

We may use the services of third parties (for example, services such as Google Analytics or of social media platforms) that use certain technologies to analyze your browsing behaviour on our Website. You can manage your privacy preferences with respect to the services of certain third parties, such as Google or Facebook, by using their platform’s unsubscribe feature. Please note that disabling, blocking, or removing some of these technologies, such as cookies, may prevent your use of certain features of our Website.

For example, Google Analytics uses cookies to analyze your browsing behaviour on our Website. This information, which is transmitted to us in a form that does not identify you, comes from your device or browser settings related to advertisements. If you want to disable Google’s ad settings, go to http://www.google.com/settings/ads or use the Google browser add-on for deactivation, which can be found at https://tools.google.com/dlpage/gaoptout.

7. HOW DO WE PROTECT AND STORE PERSONAL INFORMATION?

The security of your information is important to us, and we are committed to protecting your privacy through a variety of organizational, physical, and technological safeguards. We retain your personal information for as long as necessary to provide you with our services, to manage our business operation, and to comply with our legal and regulatory obligations.

a. How We Protect Your Personal Information

To protect your personal information, we employ organizational, physical, and technological safeguards. Our goal is to prevent unauthorized access, loss, misuse, sharing, or alteration of personal information in our possession. We also use these safeguards when we dispose of or destroy your personal information.

b. Where We Keep Your Personal Information

We use all reasonable security measures, which may include imposing contractual obligations on our service providers, to protect your personal information wherever it is used or stored.

Unless we are legally required or contractually obliged to keep your personal information in USA, it may be transferred outside of USA. For example, some of our service providers may be able to access, process, or store your personal information outside of your State, or outside of USA, for the purposes of the services they provide to us. In this case, personal information is governed by the laws of the jurisdiction where it is used or stored, including any laws authorizing or requiring the sharing of the information to government authorities or agencies, courts, and law enforcement authorities in that jurisdiction.

c. How Long We Keep Your Personal Information

We store your personal information for as long as is necessary to provide our services to you, to manage our business operations, and to comply with our legal and regulatory obligations (for example, health care providers must comply with legal retention requirements for patient records). Once no longer required, your personal information will be securely destroyed or anonymized (so the information no longer identifies you).

8. HOW DO I ACCESS MY PERSONAL INFORMATION?

You have a right of access to the personal information we hold about you, subject to any restrictions imposed by law. Upon request, we will provide you with access to your personal information within a reasonable time.

It is your responsibility to provide accurate, correct, and complete information. If you notice any errors in your personal information or need to update it, please notify us in the manner set out below.

You can access some of the personal information we hold about you through your MyLilium account.

To consult personal information that is not accessible through your MyLilium account, you can make a request by contacting us using the contact information set out in Whom Do I Contact If I Have Questions About the Protection of My Personal Information?

9. HOW DO I KNOW IF THE PRIVACY POLICY HAS CHANGED?

We may make changes to this policy from time to time. Any changes we make will be effective when we post the revised policy on this web page. If we make any significant changes to the policy, we will post a notice on our Websites or contact you to inform you when required by law. By continuing to use our services after the modified version of the policy has been posted, you are accepting the changes to the policy, subject to any additional requirements that may apply. If you do not accept the changes to our policy, you must stop using our services. It is your responsibility to ensure that you read, understand, and accept the latest version of the policy. The “Effective Date” at the top of this policy indicates when it was last updated.

10. WHOM DO I CONTACT IF I HAVE QUESTIONS ABOUT THE PROTECTION OF MY PERSONAL INFORMATION?

If you have any questions about how we handle your personal information, we invite you to contact the Privacy Committee.

Email: info@Liliumdiagnostics.com

Address: Lilium Diagnostics Inc,  124 Watertown St, Suite 3b, Watertown, MA 02472