Who we are

Our website address is: https://nulease.com.

What personal data we collect and why we collect it

Comments

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Contact forms

Cookies

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Analytics

Who we share your data with

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where we send your data

Visitor comments may be checked through an automated spam detection service.

Nulease App Privacy Policy

Privacy Policy Effective Date: April 18, 2018 We collect certain information through our website, located at www.nulease.com (our “Website”). This page (this “Privacy Policy”) lays out our policies and procedures surrounding the collection and handling of any such information that identifies an individual user or that could be used to contact or locate him or her (“Personally Identifiable Information” or “PII”). As used herein, Personally Identifiable Information includes Personal Healthcare Information (PHI) regulated by the Health Insurance Portability and Accountability Act (HIPAA). This Privacy Policy applies only our Website. It does not apply to any third party site or service linked to our Website or recommended or referred by our Website or by our staff. And it does not apply to any other website or online service operated by our company, or to any of our offline activities. A. PII We Collect We collect the following Personally Identifiable Information from users who buy our products and services: name, e-mail address, telephone number, address, and credit card number, personal medical history, pre- existing medical conditions, current medical conditions, insurance providers identity and billing information, prescription medications, diagnostic test results, diagnoses, treatment regimes, doctors and other care givers responsible for treatment, emergency contact information, guardian identity and contact information, and attorney-in-fact identity and contact information. We also use “cookies” to collect certain information from all users, including non-subscribing website visitors. A cookie is a string of data our system sends to your computer and then uses to identify your computer when you return to our Website. Cookies give us usage data, like how often you visit, where you go at the site, and what you do. B. Our Use of PII Except for HIPAA-controlled PHI, we use your Personally Identifiable Information to create your account, to communicate with you about your current subscription, and to offer you additional products and services. We also use that information to the extent necessary to enforce our Website terms of service and to prevent imminent harm to persons or property. HIPAAcontrolled PHI is not used by Provider, its agents, or contractors in any way except as necessary for provision of the Service. We use cookies so that our Website can remember you and provide you with the information you are most likely to need. For instance, when you return to our Website, cookies identify you and prompt the site to provide your username (not your password), so you can sign in more quickly. Finally, we use information gained through cookies to compile statistical information about use of our Website, such as the time users spend at the site and the pages they visit most often. Those statistics do not include PII. C. Protection of PII We employ the following data security tools to protect Personally Identifiable Information: secure server with Secure Socket Layer (SSL).

Unfortunately, even with these measures, we cannot guarantee the security of PII. By using our Website, you acknowledge and agree that we make no such guarantee, and that you use our

Website at your own risk. D. Contractor and Other Third Party Access to PII We give certain independent contractors access to Personally Identifiable Information. All contractors are required to sign contracts in which they promise to protect PII using procedures reasonably equivalent to ours. Users are not third party beneficiaries of those contracts. We also may disclose PII to attorneys, collection agencies, or law enforcement authorities to address potential AUP violations, other contract violations, or illegal behavior. And we disclose any information demanded in a court order or otherwise required by law or to prevent imminent harm to persons or property. As noted above, we compile Website usage statistics from data collected through cookies. We may publish those statistics or share them with third parties, but they don’t include PII. E. Accessing and Correcting Your PII You can access and change any Personally Identifiable Information we store through your “My Account” page. F. DNT Policy Disclosure This section outlines how we apply Do Not Track ‘DNT’ regulatory requirements per California’s Online Privacy Protection Act’s (CalOPPA) effective January 1, 2014. We do not recognize DNT mechanisms that have been designed to prevent tracking of Personal Identifying Information (PII). Please read your rights carefully. We will track unique identifiers, and passively collected information such as device identifiers and geolocation data about California residents’ online activities over time and across third-party websites or services, including via mobile apps. G. Amendment of this Privacy Policy We may change this Privacy Policy at any time by posting a new version on this page or on a successor page. The new version will become effective on the date it’s posted, which will be listed at the top of the page as the new Effective Date.

Appendix C.

Data Policy 1. Access, Use, & Legal Compulsion. Unless it receives Recipient’s prior written consent, Provider: (i) will not access or use data in electronic form collected through the Services from Recipient, or accessible directly from Recipient, (collectively, “Recipient Data”) other than as necessary to facilitate the provision of Service; and (ii) will not give any third party access to Recipient Data that is regulated under HIPAA. Notwithstanding the foregoing, Provider may disclose Recipient Data as required by applicable law or by proper legal or governmental authority. Provider will give Recipient prompt notice of any such legal or governmental demand and reasonably cooperate with Recipient in any effort to seek a protective order or otherwise to contest such required disclosure, at Recipient’s expense. 2. Recipient’s Rights. Recipient possesses and retains all right, title, and interest in and to Recipient Data, and Provider’s use and possession thereof is solely as Recipient’s agent. Recipient may access and copy any Recipient Data in Provider’s possession at any time using tools provided to Recipient as part of the Service. 3. Retention & Deletion. Provider will retain any Recipient Data in its possession until Erased (as defined below) pursuant to this Subsection (3), or until 90 days following termination or expiration of the Recipient’s subscription to the Service. After termination or expiration of the Recipient’s subscription to the Service, the Provider shall Erase the Recipient Data within thirty

(30) days. Notwithstanding the foregoing, Recipient may at any time instruct Provider to retain and not to Erase or otherwise delete Recipient Data, provided Recipient may not require retention of Recipient Data for more than 120 days after termination or expiration of this Agreement. Promptly after Erasure pursuant to this Subsection (3), Provider will certify such Erasure in writing to Recipient which may be provided via email. As used herein, “Erase” and “Erasure” refer to the destruction of data so that no copy of the data remains or can be accessed or restored in any way. 4. Individuals’ Access. Provider will not allow any of its employees to access Recipient Data, except to the extent that an employee needs access in order to facilitate

the Services and executes a written agreement with Provider agreeing to comply with Provider’s obligations set forth in this Appendix C. Provider will perform a background check on any individual it gives access to Recipient Data. Such background check will include, without limitation, a review of the individual’s criminal history, if any. Provider will not grant access to Recipient Data if the background check or other information in Provider’s possession would lead a reasonable person to suspect that the individual has committed identity theft or otherwise misused third party data or that the individual presents a threat to the security of Recipient Data.

5. Compliance with Law & Policy. Provider will comply with all applicable federal and state laws and regulations governing the handling of Recipient Data including requirements for special handling of HIPAA-controlled PHI. 6. Leaks. Provider will promptly notify Recipient of any actual or potential exposure or misappropriation of Recipient Data (any “Leak”) that comes to Provider’s attention. Provider will cooperate with Recipient and with law enforcement authorities in investigating any such Leak, at Provider’s expense. Provider will likewise cooperate with Recipient and with law enforcement agencies in any effort to notify injured or potentially injured parties, and such cooperation will be at Provider’s expense, except to the extent that the Leak was caused by Recipient. The remedies and obligations set forth in this Subsection (6) are in addition to any others Recipient may have. 7. Injunction. Provider agrees that violation of the provisions of this Appendix C might cause Recipient irreparable injury, for which monetary damages would not provide adequate compensation, and that in addition to any other remedy, Recipient will be entitled to injunctive relief against such breach or threatened breach, without proving actual damage or posting a bond or other security

Let us help invest in your future.

Contact Us Today!