Kind Health Insurance Services, LLC (“Kind”, “we”, “our”, or similar terms) collects, uses, and discloses personal information regarding users (“you”, “your” and similar terms) of Kind’s owned websites [www.kindhealth.co,kindbenefits.com] (collectively, the “Sites”). This privacy policy, updated July 28, 2020, describes the information privacy practices Kind follows with respect to personal information you share with us via the Sites and personal information we obtain from other sources.

In order to assist you with your health insurance needs, and in our capacity as a licensed insurance agent, you may provide us personal information regarding you and others on whose behalf or for whose benefit you use the Sites. We use the personal information provided to us as well as personal information obtained from other sources to assist you in connection with inquiries regarding, application for, or enrollment in health insurance and other products and services facilitated via the Sites. We collect, use, and disclose personal information pursuant to this privacy policy, as updated from time to time.

Consent to this Policy

By using the Sites, you consent to our collection, use, and disclosure of the personal information as described in this policy. If you do not agree with these terms, you should not use the Sites.

Changes to this Policy

We reserve the right to amend or change this policy at any time. Changes to this policy will be effective immediately upon posting to the Sites. Any time we amend or change this policy, we will update the date of this policy on the Sites.

Collecting Personally Identifiable Information

In the course of performing our services and operating our business, we seek and collect personal information data that could potentially be used to identify an individual (“PII”). Methods by which we may collect PII include, but are not limited to, your transmitting information to us via electronic mail or voluntarily sharing information via the Sites, an inquiry page, or other means of communication. Such PII may include, but is not limited to, individual contact information, age, gender, date of birth, Social Security number, health conditions, bank information, credit or debit card number, and other personal information. If you apply through us for government health insurance subsidies or for health insurance sold through a governmental exchange, we will ask you for personal information, including financial, tax filing, and household information. We may use third party service providers to assist us in collecting and maintaining this PII.

We collect PII from you when you shop for, apply for, or enroll in health insurance coverage or other products and services through the Sites. We will also collect PII when you contact us through the Sites. We may receive personal information about you from other sources, including publicly available databases or third parties from whom we have obtained data, and combine this data with information we already have about you. This helps us to update, expand and analyze our records, identify new customers, and provide products and services that may be of interest to you. Examples of the types of personal information that may be obtained from public sources or third parties and combined with information we already have about you may include: (a) address information from third party sources to verify your address so we can properly communicate with you and to prevent fraud; and/or (b) data about our customers from third parties that is combined with information we already have about you to create more tailored advertising and products.

We may maintain records that include PII collected from you in the course of performing our services and operating our business.

Collecting Non-personally Identifiable Information

When you visit the Sites, we may automatically and passively collect and temporarily store non- personally identifiable information relating to your visits to the Sites. This information may be collected by various means, including “cookies”, which are small text files that are automatically placed on your computer, collection of your IP address, and information regarding the browser software and computer system that you are using, along with similar analytic data. Our cookies include “session cookies” or single-visit files that gather data regarding how the Sites are used, and “persistent cookies” which last for multiple visits to the Sites and are used to customize the Sites for frequent visitors and gather information regarding variations of website design and content. Session cookies expire when you leave the Sites and are automatically deleted from your computer when they expire. Our persistent cookies are set to expire 90 days after your last visit to any of the Sites. After such time, they are automatically deleted from your computer. Kind cannot identify a specific individual by use of our cookies. We may use your IP address (or, if available, GPS or other location data) to allow us to predict your geographic location; such information will be stored by us and used as a data point to provide recommendations of insurance and other products and services for you.

Use of Personal Information by Kind

We use personal information for numerous and various purposes, including to:

• Communicate with you and others as part of our business.
• Respond to your requests.
• Assess eligibility for products and services.
• Facilitate inquiries regarding, applications for, and enrollment in products or services.
• Provide marketing information to you (including information about other products and services offered by third parties).
• Personalize your experience when using the Sites.
• Manage our infrastructure and business operations and operationalize internal policies and procedures, including those relating to auditing; finance and accounting; billing and collections; IT systems; data and website hosting; business continuity; and records and documentation.
• Analyze data and perform customer research, including identifying usage trends and determining the effectiveness of our promotional campaigns;
• Inform our machine learning for purposes such as user engagement
• Comply with applicable laws and regulatory obligations.Maintain the safety, security, and integrity of the Sites and our technology assets.
• Establish and defend legal rights and protect our operations.

Sharing of Personal Information with Third Parties

Sharing of Personal Information with Third Parties

We are regulated under the Gramm-Leach-Bliley Act as a financial institution.

You have a right to opt out and limit us sharing nonpublic personal information about you and others on whose behalf or for whose benefit you use the Sites with non-affiliated third parties. If you choose to exercise your right to opt out, you must email us at [email protected] and indicate that you wish to exercise your right to opt out of Kind’s sharing of nonpublic personal information about you or others on whose behalf or for whose benefit you use the Sites to non-affiliated third parties for purposes other than those that are required or permitted by law.

Even after you have opted out, there are a number of exceptions under the law that allow us to continue to share nonpublic personal information in limited circumstances.

For example, after you have opted out, we may still share nonpublic personal information with a non-affiliated third party about you and others on whose behalf or for whose benefit you use the Sites:

• To process or administer a transaction requested or authorized by you.
• To protect the confidentiality or security of our business records.
• For us to conduct required institutional risk control or to resolve consumer disputes or inquiries.
• If the non-affiliated third party either holds a legal or beneficial interest relating to you or acts in a fiduciary or representative capacity on your behalf.
• To protect against or prevent fraud, unauthorized transactions, claims, or other liability.
• To comply with Federal, State, or local laws, rules and other applicable legal requirements.
• To comply with a properly authorized civil, criminal, or regulatory investigation, or subpoena or summons by Federal, State, or local governmental authorities.
• To respond to judicial process or government regulatory authorities having jurisdiction over us for examination, compliance, or other purposes as authorized by law.
• To a consumer reporting agency in accordance with the Fair Credit Reporting Act.
• In connection with a proposed or actual sale, merger, transfer, or exchange of all or a portion of a business or operating unit if the disclosure of nonpublic personal information concerns solely consumers of such business or unit.
• In connection with the provision of services to, or the performance of functions on our behalf, provided that we have a contract that prohibits the use or disclosure of nonpublic personal information for any purposes other than the purposes for which the information is shared by us.
• In connection with offering, endorsing, or marketing products or services jointly for us and another financial institution through a joint agreement, provided that such joint agreement prohibits the use or disclosure of nonpublic personal information for any purposes other than the purposes for which the information is shared by the parties.