Data Privacy Framework

This Data Privacy Framework Policy (“Policy”) applies to MedCompli Inc. when Personal Information is received from or about Individuals in the European Economic Area (EEA), United Kingdom (UK), or Switzerland in any format including electronic, paper or verbal. MedCompli respects the relationships we have with our customers and respects the privacy of all Individuals whose Personal Information (see Definitions) may be processed by MedCompli in the performance of our services and our business operations.

To demonstrate our commitment to the protection of Personal Information, including Personal Information transferred out of the EEA, UK, and Switzerland for the performance of our services and business operations in the United States, MedCompli complies with the EU-U.S. Data Privacy Framework (“DPF”), the UK extension to the DPF (“UK Extension”), and the Swiss-U.S. Data Privacy Framework (“Swiss DPF”), respectively, as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the EEA, UK, and Switzerland to the United States.

MedCompli has certified with the Department of Commerce that it adheres to the DPF Principles. If there is any conflict between the terms in this Policy and the DPF Principles, the DPF Principles shall govern. To learn more about the DPF program, and to view our certification, please visit We also use standard contractual clauses and other mechanisms approved by the European Union for certain transfers of Personal Information to the United States from the EEA, UK, and Switzerland.

This Policy supplements MedCompli’s General Privacy Policy which can be found by following this link (collectively, they comprise MedCompli’s “Privacy Policies”).

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, MedCompli commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF.

SCOPE: This Policy applies to all Personal Information of Individuals received by MedCompli in the U.S. from the EEA, UK, or Switzerland, including Personal Information of consumers, healthcare professionals, suppliers, vendors, job applicants, business contacts and partners. This Policy will help you understand how MedCompli collects, uses, shares and safeguards Individuals’ Personal Information, and how, in certain circumstances, you can elect whether or not to allow your Personal Information to be used or shared. MedCompli endeavors to collect, use and disclose Personal Information in a manner consistent with the laws of countries in which it does business, and also has a tradition of upholding the highest ethical standards in its business practices.

PURPOSE / DISCLOSURE: MedCompli may disclose personal information to the following types of organizations:

1. To our third-party service providers, such as website hosting providers, information technology providers, payment services providers, and/or communication providers.

2. To parties involved in litigation, judicial or administrative bodies in the US or a foreign jurisdiction, dispute resolution providers, and/or regulatory bodies in the US or a foreign jurisdiction.

3. To a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings).

4. To respond to lawful requests from public authorities, including public and government authorities outside your country of residence, to meet national security, public interest, or law enforcement requirements.

MedCompli will process and store personal data provided by clients to facilitate their compliance with regulations, law, and internal client policies and procedures. MedCompli is a platform utilized by clients to manage relationships with Healthcare Professionals, and the data may include Name, Email Address, Address, medical license registration numbers and other basic demographic information. The platform would also include information on the client and on client users of the platform, such as their name, email address and manager.

MedCompli processes personal data for the purpose of providing client services. Personal Data relating to clients is collected from clients who provide it to us in connection with our provision of services to those clients. Client data is processed in the normal conduct of our business relationship with the client, to perform the services requested by and contracted with our clients.

Customers using MedCompli’s cloud solutions are responsible for managing the data that they store within MedCompli’s cloud solutions. Customers determine the categories of Personal Data and other information that are stored by MedCompli. Similarly, MedCompli’s customers and prospective customers who share data with MedCompli in connection with any of its Services determine which categories of Personal Data will be shared and for what purposes. Consequently, MedCompli does not generally know the categories of Personal Data to be processed or the purpose(s) of the processing unless and until MedCompli receives this information from its customers or prospective customers.

When MedCompli processes Personal Data, MedCompli does so only for the purpose of providing Services.

MedCompli does not share the personal data with any third parties.

The Customer’s and Prospective Customer’s Responsibilities with Respect to Personal Data

MedCompli customers and prospective customers may choose to include Personal Data among the data stored within the MedCompli cloud or otherwise shared with MedCompli in connection with its provision of Services.

MedCompli processes only the Personal Data that its customers or prospective customers have chosen to share with MedCompli. MedCompli has no direct or contractual relationship with the subject of such Personal Data (a "Data Subject"). As a result, when a customer or prospective customer shares Personal Data, the customer or prospective customer is solely responsible for satisfying all legal obligations owed directly to the Data Subject under applicable data protection laws.

It is the customer's or prospective customer's responsibility to ensure that Personal Data it collects can be legally collected in the country of origin. The customer or prospective customer is also responsible for providing to the Data Subject any notices required by applicable law and for responding appropriately to the Data Subject's request to exercise his or her rights with respect to Personal Data. In addition, the customer or prospective customer is responsible for ensuring that its use of MedCompli’s cloud offerings or Services is consistent with any privacy policy the customer or prospective customer has established and any notices it has provided to Data Subjects.


Adherence to the DPF Principles may be limited (i) to the extent required or allowed by applicable law, rule or regulation; (ii) to the extent necessary to respond to lawful requests by public authorities, including to meet national security, law enforcement, legal or governmental requirements; and/or (iii) to protect the health or safety of an Individual. Also, this Policy may not apply or may be limited when Personal Information is collected or processed by the following:

DEFINITIONS: For purposes of this Policy, the following definitions shall apply:

Capitalized terms not defined above have the definitions set forth in the respective paragraphs of this Policy.


Where MedCompli collects Personal Information directly from Individuals, it will explain the purposes for which it collects and uses Personal Information about the Individuals, the types of third parties to which MedCompli discloses that information, and the choices and means, if any, MedCompli offers Individuals for limiting the use and disclosure of Personal Information about them. Notice will be provided in clear and conspicuous language. This explanation will be provided as soon as practicable and, in any event, before MedCompli discloses the Personal Information or uses such information for a purpose materially different than that for which it was originally collected or processed.

In circumstances in which MedCompli obtains personal data as a service provider for its clients or affiliates, MedCompli’s clients or affiliates are responsible for providing appropriate notice to the Individuals whose personal data are transferred to the U.S. and obtaining any requisite consent (unless this function has been delegated to MedCompli).