Privacy Policy

Recently updated: June 10, 2024

Nano-X Imaging Ltd., together with its subsidiaries and affiliated companies (collectively "Company", "we", "us" or "our") respects your privacy and recognizes that your privacy is important.

This privacy policy ("Privacy Policy") explains the Company's practices regarding the collection, processing, usage, and transfer of certain data, including Personal Data (as defined below), from:

a) Individuals who visit our informative website available at: https://www.nanox.vision/ (“website”), participating in events we host, subscribe to our newsletter, or otherwise (“Prospects”).

b) Customers who purchase our products or otherwise purchase a license to access and use our multiple cloud-based services (“Customers”). NOTE: this Privacy Policy does not apply to customers of our Second Opinion Services offered through the following website: https://www.secondopinions.com/ , and which are governed by the Second Opinion Privacy Policy.

c) Individuals who interact with our products and services through their clinics, health facilities, imaging facilities, etc. (“End-Users”).

d) Individuals who interact with a job we offer online (“Job Applicants”).

Prospects, Customers, End-Users and Job Applicants may by individually or collectively referred herein as “you” or “your”.

This Privacy Policy is an integral part of our website Terms and Conditions or any other agreement referencing this Privacy Policy.

Note you are not required by law to provide us with any Personal Data or Health Related Information. Sharing any data with us is entirely voluntary.

This Privacy Policy applies to all individuals world-wide, however, certain jurisdictions require that applicable disclosures will be provided in a certain way and format, and therefore additional notices may apply as follows:

Additional Information to California Residents: In the event you are a California resident– please also review our CCPA Privacy Notice to learn more about our privacy practices with respect to the California Consumer Privacy Act.

Additional Information to Colorado Residents: In the event you are a Colorado resident – please also review our CPA Notice to learn more about our privacy practices and your rights under the Colorado Privacy Act.

Additional Information to Connecticut Residents: In the event you are a Connecticut resident– please also review our CDPA Notice to learn more about your rights under the Connecticut Data Privacy Act.

Additional Information to Virginia Residents: In the event you are a Virginia resident– please also review our VCDPA Notice to learn more about our privacy practices and your rights under the Virginia Consumer Data Protection Act.

Additional Information to Utah Residents: In the event you are a Utah resident – please also review our UCPA Notice to learn more about your rights under the Utah Consumer Privacy Act.

1. Policy Amendments

We reserve the right to amend this Privacy Policy from time to time, at our sole discretion. The most recent version of this Privacy Policy will always be posted on the website and reflected in the “Recently Updated” heading. Any amendments to the Privacy Policy will become effective immediately, unless we notify otherwise. We recommend you review this Privacy Policy periodically to ensure that you understand our most updated privacy practices.

‍2. Data Controller, Data Protection Officer & Representative

Nano-x Vision Ltd., incorporated under the laws of the State of Israel, is the “Data Controller” (as such term is defined under the GDPR or equivalent privacy legislation) of the Personal Data collected from Visitors with regards to their use of the Website.

If you have any question, inquiry, request or concern related to this Privacy Policy or the processing of your Personal Data, you may contact us, and our privacy team as follows:

‍By Email: dpo@nanox.vision; or
By Mail: Nano-X Imaging Ltd., 94 Em Hamoshavot Rd. Petah Tikva, 4970602, Israel.

3. The Data Sets We Collect

We may collect two types of information from you, depending on your interaction with us:

The first type of information is non-identifiable and anonymous information (“Non-Personal Data”). We are not aware of the identity of the individual from who we have collected the Non-Personal Data. Non-Personal Data consists of technical information, and may contain, among other things, the type of operating system and type of browser, type of device, session duration, etc.

The second type of information is individually identifiable information, namely information that identifies an individual or may with reasonable effort identify an individual (“Personal Data” or “Personal Information” as defined under the applicable data protection law). Personal Data may also include “Personal Health Information” or “Personal Data Concerning Health” (which shall collectively be referred under this Privacy Policy as “Health Related Data”): means any information which relates to the End Users’ medical or mental condition, the provision of healthcare services or otherwise; provided such data is not subject to any other governing regulation. Additional information regarding the Company’s privacy practices with Personal Health Information are detailed under the Notice of Privacy Practice.

For the avoidance of doubt, any Non-Personal Data connected or linked to Personal Data shall be deemed as Personal Data as long as such connection or linkage exists. However, this Privacy Policy does not apply to any data insofar as it is held, processed, disclosed or published in a form which cannot be linked to an individual (such as anonymized or aggregated data which cannot directly or indirectly be used to identify you or to obtain information about you ("Anonymized and Aggregated Data"). We may generate or extract Anonymized and Aggregated Data out of any databases containing your Personal Data and we may make use of any such Anonymized and Aggregated Data for our purposes as we see fit.

The table below details the types of Personal Data we collect depending on your interaction with us, the purpose, lawful basis, and our processing operations:

Type of Data

Purposes and Operation

Lawful Basis under the GDPR

Prospects

Online Identifiers and Telemetry Data:

When you interact with the website, we collect and generate online identifiers such as your Internet Protocol address (“IP”), and additional identifiers allowing us to individually identify you, such as a Cookie ID which is assigned to your device ("Online Identifiers").

Further, additional information is automatically collected regarding your "website online behavior". Such information includes the pages you viewed, click stream data, access time stamp, etc. (collectively "Telemetry Data")

Online Identifiers and certain Telemetry Data are used in particular to operate the website and enable its proper functionality, for security and fraud prevention purposes, debugging and to resolve technical problems. For example, in order to automatically recognize you by the next time you enter the website or to confirm you are a real person.

Certain Online Identifiers and Telemetry Data are indirectly processed by third-parties marketing and analytic tools, for analytic and marketing purposes. We process this data to understand how our Prospects use the website and to measure effectiveness of some marketing campaigns we run in order to track conversions, build targeted audience, and market our services to people who have taken some action on the website.

Online Identifiers which are collected through cookies we implement, which are strictly necessary for the proper and basic operation of the website or fraud prevention will be processed in our legitimate interest.
‍
Telemetry Data which are collected through third-party tracking technologies, including any targeting and marketing cookies, will be processed based on your consent which we will obtain through our cookie notice and consent management.

You may withdraw consent at any time by using the cookie preference settings as available in the footer of the website, or by managing opt-out through your browser or device.

Contact Information:
‍
If you voluntarily contact us for support or other inquiries, or if you register to receive our newsletter (to the extent available), you will be required to provide us with certain information such as your name, email address, organization name, etc. In addition, you can choose to provide us with additional information as part of your correspondence with us (“Contact Information”).

Provide the required support:

‍We collect your Contact Information to provide you with the support you requested or to respond to your inquiry.

We process the Contact Information in order to provide you the requested support, subject to our legitimate interest.

Newsletter:

If you registered to receive our newsletter, we will use you Contact Information in order to provide you with the requested communications.

When we process your Contact Information in order to send you our newsletter, we do so based on your consent which can be withdrawn at any time using the “unsubscribe” link within the communications we sent you.

Improve the Services:

The correspondence with you may be processed and stored by us in order to improve our customer service and in the event, when we believe it is required to continue to store it, for example, in the event of any claims or in order to provide you with any further assistance (if applicable).

When we process your Contact Information on order to improve our customer services, we do so based on our legitimate interest.

Direct Marketing:

When you contact us, we may use your email address in order to send you service communications and marketing promotions, such as new features, additional offerings, special opportunities or any other information we think you will find valuable (“Direct Marketing”).

When we process your email address in order to send you Direct Marketing, we do so based on our legitimate interest. You can opt-out at any time through the “unsubscribe” link within the email or by contacting us directly.

Keep a suppression list:
‍
We will further use your email address, if applicable, under our suppression list, when you request to opt-out to ensure we comply with such preference and choice.

We will keep you email address for purpose of maintaining a suppression list based on our legitimate interest.

Customers

Account Details:
‍
In order to use our products and related services, you will be required to register and create an account. During the registration process you will be requested to provide us with your Contact Information and additional information on the business you represent (if applicable), billing and payments information, etc. (“Account Details”).

We will use your Account Details to provide the customer support needed, the services, including delivering images, results, reports, etc., authentication, related account management services (including billing and invoicing), and to send you Direct Marketing communications.

We will retain such correspondence for as long as needed.

We process your Account Details to fulfill our contractual obligations to you.

Processing of your Account Details for Direct Marketing purposes is made subject to our legitimate interest. You can opt-out at any time using the “unsubscribe” link within the email.

Interaction With the Services and Device Data:
‍
We keep track of certain information about you when you visit and interact with any of our services. This information includes the features you use; the links you click on; pages you have viewed, the type and size of attachments you upload to or provide through the services; and additional information on how you interact with our services.

We also collect information about your computer, phone, tablet, or other devices you use to access the services. This device information includes your connection type and settings when you access, update, or use our services. We also collect information through your device about your operating system, browser type, IP address, URLs of referring/exit pages, device identifiers, and crash data.

We use this information to provide functionality; to recognize you across different Services and devices; operate, maintain, and improve the Services.

We also use this information to troubleshoot, to identify trends, usage, activity patterns, and areas for integration and to improve our services and to develop new products, features and technologies that benefit our customers and the public.

We may also use your information to resolve technical issues you encounter, to respond to your requests for assistance, to analyze crash information, and to repair the services.

We process this information subject to our legitimate interest.

Reviews and Feedback:
‍
To the extent you provide us with a review or feedback regarding any services or products provided by the Company, along with the content of the review or feedback which may include Health Related Data, you will be required to provide us additional information such as your full name, email address, address, etc.

We will use this information for the purpose of corresponding with you and replying to your review, if we believe it is necessary.

We will further use this information in order to offer you services, features or the like which we believe you might be interested in.

In addition, we will use this information in order to improve our services including our customer relationships.

We process this information subject to our legitimate interest.

End-Users

Customer Data:
‍
We will collect certain data regarding our Customers’ End-Users when such Customers are using our services and products, including data generated by the services, such as images and reports, including various Health Related Data, or uploaded and provided through the services by our Customers, including End-Users contact information.

We call the information that our products and services generate on behalf of our Customers, or information which Customers submit or collect via the products and services “Customer Data”.

We do not control the types of Personal Data that our Customers may choose to collect or manage using the services. We process the Customer Data as a processor under our Customers’ instructions and in accordance with our applicable services’ terms and conditions, which prohibit us from using your Personal Data except as necessary to provide and improve the services and as required by law.

Our customers control and are responsible for correcting, deleting or updating the information they process using the services and for complying with any regulations or laws that require providing notice, disclosure, and/or obtaining consent prior to transferring the Personal Data to us for processing purposes.

We use Customer Data to provide the product and services to our Customers.
We may also use Customer Data or machine learning that supports certain products and development of features and functionality with our multiple services or new, enhanced services. You may opt-out of having your Customer Data used for machine learning by emailing dpo@nanox.vision.

Further, we may use certain Customer Data for marketing purposes, in an event we host, or for other marketing purposes.

We rely on our Customers’ legal basis for collecting and using Customer Data as the data controller of such data sets.

Where we use Customer Data for marketing purposes we will obtain your explicit consent which can be withdrawn at any time.

Job Applicants

Recruitment:

When you apply for a job at the Company, we will process your CV (and the information included therein), as well as additional information such as your contact information (name, email address and phone number), information regarding your education and skills, employment history, and your photo (to the extent provided by you).

Further, where required by law, we may process diversity and inclusion data regarding your candidacy, such as ethnicity, gender, or any disability.In addition, we may collect other information from public and online sources, referees, background checks where applicable, and former employers and combine such data with the data you provided us (collectively, “Recruitment Data”).

For additional information please review our Job Candidates Privacy Policy, which governs the collection and use of data concerning Job Applicants.

‍

‍

We will use your Recruitment Data to process your job application and for our internal recruitment management purposes, for further recruitment steps (e.g., interview), and to enable us to comply with corporate governance and legal and regulatory requirements.

Following the completion of the recruitment process, we may further retain and store the Recruitment Data (including other interactions with us under such process) as part of our internal records keeping, including for legal defense from any future claim, as well as, and subject to applicable law requirements, to contact you in the future for other position we believe you qualify for, subject to our retention policy.

If you are hired, your Recruitment Data will be kept on our HR systems as part of your employment and our corporate management.

We currently use Comeet which processes your Recruitment Data on our behalf based on their Privacy Notice available here, and pursuant with Comeet’s contractual commitments under this data processing agreement.

We process Recruitment Data subject to our legitimate interest.In some cases, for example, where we will ask you to provide diversity and inclusion data, we will process such data based on our obligations in employment and the safeguarding of your fundamental rights.

Where you provided your consent, we will process your Recruitment Data in order to contact you with further job offers which we believe you might be interested in.

4. How We Collect Information

Depending on the nature of your interaction with us, we may collect information as follows:

• Automatically – certain Personal Data such as Online Identifiers and Telemetry Data is generated automatically and collected through the use of cookies and similar tracking technologies (such as pixels, tags, agent, etc.). For more information on the cookies we use and how to opt out of third-party collection of this information, please see our Section 5 below "Cookies and Similar Tracking Technologies".

• Provided by you voluntarily – we will collect information if and when you choose to provide us with the information, such as through contact us form available on the website.

• Provided by your clinic or health care provider which are our Customers – where your health care provider provides you with healthcare services while using our products or services, we will collect certain data, including Health Related Data as detailed in the table above.

‍

5. Cookies and Similar Tracking Technologies

When you access to or use the website or some of our products and services, we use “cookies” or similar tracking technologies, which store certain information on your device (i.e., locally stored). The use of cookies is a standard industry-wide practice. A “cookie” is a small piece of information that a website assigns and stores on your computer while you are viewing a website. Cookies are used by us for various purposes, including allowing you to navigate between pages efficiently, as well as for statistical purposes, analytic purposes and advertising. You can find more information about our use of cookies here: www.allaboutcookies.org.

If you wish to change the way such tracking tools collect your Personal Data through our website, please see our cookie list and policy available through our website footer, as well instructions on how to change your cookies settings and preferences at any time.

If you wish to change the way such tracking tools collect your Personal Data while using our products and services, please contact us directly via our Data Subject Request (“DSR”) form available here, or at: dpo@nanox.vision.

Also note that, most browsers will allow you to erase cookies from your device, block acceptance of cookies, or receive a warning before a cookie is stored. You may set your browser to block all cookies, including cookies associated with our website, or to indicate when a cookie is being used by us, by adjusting the privacy and security settings of your web browser. Please refer to the support page of your browser to learn more about how you can adjust your privacy and security settings. Please note that once you choose to opt out or disable cookies, some features of the website may not operate properly, and your online experience may be limited.

‍

6. Data Sharing – Categories of Recipients We Share Personal Data With

We share your Personal Data with third parties, including with trusted partners or service providers that help us to manage our business operation, website, etc. You can find here information about the categories of such third-party recipients. ‍

CATEGORY OF RECIPIENT

DATA THAT WILL BE SHARED

PURPOSE OF SHARING

Service providers and business Partners

All types of Personal Data depending on the applicable service provider or business partner, and your interaction with us

We may share Personal Data including Health Related Personal Data about you with third-party business partners and service providers that perform services on our behalf in connection with our services, such as cloud service provider, analytics and marketing service providers, our CRM provider, etc. Where your Personal Data is shared with such third parties, we ensure that the third party will deal with your information only on our behalf and on our instructions and solely for the benefit of our business (and not for its own benefit).

Affiliated companies

All types of Personal Data, as strictly necessary and on a case-by-case basis.

We may share certain information with our affiliated companies, which will provide us with certain required services and, for internal compliance and measurement.

In addition, certain information may also be shared with potential affiliated companies in the event of a potential business re-organization while we undergo certain due diligence processes. In such event, those potential affiliated companies are bound by robust confidentiality obligations.

Necessary disclosures

All types of Personal Data as strictly necessary and on a case-by-case basis.

To the extent permitted or required by applicable law, we may disclose information about you to third parties to: (i) enforce or apply our terms of use or any applicable service agreement; (ii) comply with laws, subpoenas, warrants, court orders, legal processes or requests of government or law enforcement officials; (iii) protect our rights, reputation, safety or property, or that of our users or others; (iv) protect against legal liability; (v) establish or exercise our rights to defend against legal claims; or (vi) investigate, prevent or take action regarding known or suspected illegal activities; fraud; our rights, reputation, safety or property, or those of our customers or others; violation of our applicable policies and agreements; or as otherwise required by law.

7. Cross-Border Data Transfer

Due to our global business operation, your Personal Data may be transferred to, and processed in countries other than the country in which you reside. These countries may have data protection laws that are different to the laws of your country. However, in all cases, we will take appropriate measures to ensure that your Personal Data receives an adequate level of data protection upon its transfer.

Specifically, if and where Personal Data collected within the EU is transferred outside the EU (except for the US), to countries which were not granted with an adequacy decision by the European Commission and therefore do not provide an adequate level of protection to your Personal Data while it is transferred to such third-country, such transfer is subject to and made pursuant with the standard contractual clauses.

Additionally, if and where Personal Data collected within the UK is transferred outside the UK, to countries which were not granted with an adequacy decision by the UK Information Commissioner Office ('ICO') and therefore do not provide an adequate level of protection to your Personal Data while it is transferred to such third-country, such transfer is subject to and made pursuant with the UK standard contractual clauses.

8. Data Retention

We retain Personal Data we collect as long as it remains necessary for the purposes set forth above, all in accordance with applicable laws, or until an individual expresses a preference to opt-out.

Other circumstances in which we will retain your Personal Data for longer periods of time include: (i) where we are required to do so in accordance with legal, regulatory, tax, or accounting requirements; (ii) for us to have an accurate record of your dealings with us in the event of any complaints or challenges; or (iii) if we reasonably believe there is a prospect of litigation relating to your Personal Data. Please note that except as required by applicable law, we may at our sole discretion, delete or amend information from our systems, without notice to you, once we deem it is no longer necessary for such purposes.

9. Privacy Rights

We acknowledge that different people have different privacy concerns and preferences. Our goal is to be clear about what information we collect so that you can make meaningful choices about how it is used. We allow you to exercise certain choices, rights, and controls in connection with your information. Depending on your relationship with us, your jurisdiction and the applicable data protection laws that apply to you, you have the right to control and request certain limitations or rights to be executed.

In the table below you can review your rights depending on your interaction with us, how you can exercise them, and appeal a decision we take in this regard, any specification per geo-location or territory are available below the table:

CATEGORY OF RECIPIENT

DATA THAT WILL BE SHARED

Right to be informed

You have the right to be provided with information regarding our Personal Data collection and privacy practices. All is detailed under this Privacy Policy.

Right to know; access rights

You have the right to confirm whether we collect Personal Data about you, know which Personal Data we specifically hold about you, and receive a copy of such or access it.

if you wish to receive a copy of the Personal Data, please submit a DSR form as available here.

Right to correction/ rectification

You have the right to correct inaccuracies in your Personal Data, taking into account the nature and purposes of each processing activity. Please submit a DSR form as available here.

Right to be forgotten; Right to deletion

In certain circumstances, you have the right to delete the Personal Data we hold about you. For specifications regarding this right and its exclusions, or if you wish to ask to exercise this right, please submit a DSR form as available here.

Right to portability

You have the right to obtain the Personal Data in a portable, and to the extent technically feasible, readily usable format that allows you to transmit the data to another entity without hindrance. We will select the format in which we provide your copy. If you wish to exercise this right, please submit our DSR form as available here.

Right to opt out under the EU and specifically in the US the right to opt out from: (i) selling personal data; (ii) right to opt out from targeted advertising; and (iii) right to opt out from profiling and automated decision making

Cookies and specifically opt out from sale of personal data for targeted advertising, monetary gain, or profiling, or share or sale of personal information for analytic or marketing: When you no longer wish for cookies to track your behavior for analytic or marketing purposes, you are able to:
‍

change your preferences through the cookie settings available on our website footer;
send us a DSR form as available here;
or contact us directly at: dpo@nanox.vision

Newsletter: You have the right to withdraw consent when you no longer wish to be in our newsletter list by clicking the “unsubscribe” link within the e-communication we sent you.

Further, you are able to install privacy-controls in the browser’s settings to automatically signal the opt-out preference to all websites you visit (like the “Global Privacy Control”). We honor the Global Privacy Control, where applicable, subject to your jurisdiction, as a valid request to opt-out of the sharing of information linked to your browser.

Note you may have the right to authorize another person acting on your behalf to opt out (including by technical tools and opt out signals).

Right to appeal or lodge a complaint

If we decline to take action on your request, we shall so inform you without undue delay as required under applicable laws. The notification will include a justification for declining to take action and instructions on how you may appeal, if applicable. Under the EU you have the right to lodge a complaint with the supervisor authority or the Information Commissioner in the UK.

Non-discrimination

Such discrimination may include denying a service, providing a different level or quality of service, or charging different prices. We do not discriminate our users and visitors.

10. Security

We take great care in implementing and maintaining the security of your Personal Data. We employ industry standard procedures and policies to ensure the safety of individuals’ information and prevent unauthorized use of any such.

We have implemented technical, physical and administrative security measures to protect the Personal Data we process. Although we take reasonable steps to safeguard information, we cannot be responsible for the acts of those who gain unauthorized access or abuse our website, and we make no warranty, express, implied or otherwise, that we will always be able to prevent such access.

Please contact us at: dpo@nanox.vision if you feel that your privacy was not dealt with properly, in a way that was in breach of our Privacy Policy, or if you become aware of a third party's attempt to gain unauthorized access to any of your Personal Data. We will make a reasonable effort to notify you and the appropriate authorities (if required by applicable law) in the event that we discover a security incident related to your Personal Data.

11. Children’s Data

Our services are not intended for children under the age of 18. However, End-Users to some of our Products and Services might be children under the age of 18 and to that extent we might have access to certain Customer Data about a child, only where our Customers obtain their legal guardian’s consent. We therefore strongly recommend that if you are a child you will review this Privacy Policy with your legal guardian.

12. JURISDICTION-SPECIFIC NOTICES

A. ADDITIONAL INFORMATION FOR COLORADO RESIDENTS

This section applies to Colorado residents acting only as an individual or household context (and not in a commercial or employment context, as a job applicant or as a beneficiary of someone acting in an employment context).

Under the Colorado Privacy Act (“CPA”), the Company is required to provide a privacy notice that identifies the following: in Section 3 to the Privacy Policy, we describe our collection and processing of Personal Data, the categories of Personal Data that are collected or processed, and the purposes for which Personal Data is processed, stored or used. We will not collect additional categories of Personal Data or use the Personal Data we collected for materially different, unrelated, or incompatible purposes without obtaining your consent. Additionally, Section 6 to this Privacy Policy details and discloses the categories of third-parties we share for business purposes. Section 9 to this Privacy Policy details and discloses your rights and Personal Data shared or sold for targeted advertising, if applicable.

We will respond to your request within 45 days after receipt of a verifiable Consumer Request (no more than twice in a twelve-month period). We reserve the right to extend the response time by an additional 45 days when reasonably necessary and provided consumer notification of the extension is made within the first 45 days. If we refuse to take action on a request, you may appeal our decision within a reasonable period time by contacting us at dpo@nanox.vision and specifying you wish to appeal. Within 60 days of our receipt of your appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If the appeal is denied, you may submit a complaint as follows: Colorado AG at https://coag.gov/file-complaint/

Any disclosures we provide will only cover the 12-months period preceding our receipt of your request. The response we provide will also explain the reasons we cannot comply with a request, if applicable.

B. ADDITIONAL INFORMATION FOR CONNECTICUT RESIDENTS

This section applies to Connecticut residents acting only as an individual or household context (and not in a commercial or employment context or as a representative of business, non-profit or governmental entity).

Under the Connecticut Data Privacy Act (“CDPA”), the Company is required to provide you with a clear and accessible privacy notice that includes the following: in Section 3 to the Privacy Policy, we describe our collection and processing of Personal Data, the categories of Personal Data that are collected or processed, and the purposes for which Personal Data is processed, stored or used. We will not collect additional categories of Personal Data or use the Personal Data we collected for materially different, unrelated, or incompatible purposes without obtaining your consent. Additionally, Section 6 to this Privacy Policy details and discloses the categories of third-parties we share for business purposes. Section 9 to this Privacy Policy details and discloses your rights and Personal Data shared or sold for targeted advertising, if applicable.

We shall respond to your request within 45 days of receipt. The response period may be extended once by 45 additional days when reasonably necessary, taking into account the complexity and number of requests and we inform you of such extension within the initial 45 days response period, together with the reason for the extension. If we decline to take action on your request, we shall so inform you without undue delay, within 45 days of receipt of your request. If we refuse to take action on a request, you may appeal our decision within a reasonable period time by contacting us at dpo@nanox.vision and specifying you wish to appeal. Within 60 days of our receipt of your appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If the appeal is denied, you may submit a complaint to the Connecticut Attorney General at link: https://www.dir.ct.gov/ag/complaint/ or (860) 808-5318.

We shall provide information in response to your request free of charge, up to twice annually, unless requests are manifestly unfounded, excessive or repetitive. If we are unable to authenticate your request using commercially reasonable efforts, we may request additional information reasonably necessary to authenticate you and your request. If we cannot authenticate you and your request, we will not be able to grant your request.

C. ADDITIONAL INFORMATION FOR VIRGINIA RESIDENTS

This section applies to Virginia residents acting only as an individual or household context (and not in an employment or commercial context).

The Virginia Consumer Data Protection Act (“VCDPA”) requires the Company to disclose the following: In Section 3 to the Privacy Policy, we describe our collection and processing of Personal Data, the categories of Personal Data that are collected or processed, and the purposes for which Personal Data is processed, stored or used. We will not collect additional categories of Personal Data or use the Personal Data we collected for materially different, unrelated, or incompatible purposes without obtaining your consent. Additionally, Section 6 to this Privacy Policy details and discloses the categories of third-parties we share for business purposes. Section 9 to this Privacy Policy details and discloses your rights and Personal Data shared or sold for targeted advertising, if applicable.

We will respond to your request within 45 days after receipt of a verifiable Consumer Request (no more than twice in a twelve-month period). We reserve the right to extend the response time by an additional 45 days when reasonably necessary and provided consumer notification of the extension is made within the first 45 days. If we refuse to take action on a request, you may appeal our decision within a reasonable period time by contacting us at dpo@nanox.vision and specifying you wish to appeal. Within 60 days of our receipt of your appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If the appeal is denied, you may submit a complaint to the Virginia Attorney General at https://www.oag.state.va.us/consumercomplaintform.

D. ADDITIONAL INFORMATION FOR UTAH RESIDENTS

This section applies to Utah residents acting only as an individual or household context (and not in an employment or commercial context).

Under the Utah Consumer Privacy Act (“UCPA”), the Company is required to provide you with a clear and accessible privacy notice that includes the following: in Section 3 to the Privacy Policy, we describe our collection and processing of Personal Data, the categories of Personal Data that are collected or processed, and the purposes for which Personal Data is processed, stored or used. We will not collect additional categories of Personal Data or use the Personal Data we collected for materially different, unrelated, or incompatible purposes without obtaining your consent. Additionally, Section 6 to this Privacy Policy details and discloses the categories of third-parties we share for business purposes. Section 9 to this Privacy Policy details and discloses your rights if and to the extent applicable under the UCPA.

We will respond to your request within 45 days after receipt of your request (no more than twice in a twelve-month period). We reserve the right to extend the response time by an additional 45 days when reasonably necessary and provided consumer notification of the extension is made within the first 45 days. If we refuse to take action on a request, we will provide with the reasoning for our refusal.