PRIVACY POLICY

Please read this Policy as it includes important information regarding your Personal Data and other information.
Capitalised terms not defined in this Policy shall have the meanings given to such terms in the Terms of Service. If
you have any questions or concerns, please do not hesitate to contact us at: Info@mdhealthtrak.com.

1. Information We Collect.

(a) Personal Data. Personal Data and other information are collected from you when you create a Profile with us or
when you otherwise disclose Personal Data or other information to us or third parties when using the Services.
“Personal Data” means any information that may be used to identify an individual. Personal Data does not include
aggregate information. In connection with the Services, you may be asked to provide us the following Personal Data
and other information: your name, mailing address, telephone number, gender, preferences, work experience,
payment information, and other information in connection with the Services.

(b) Use Data. When you send or receive Content using our Services, we collect data about that Content.

(c) Log Information. When you browse our Services, you do so anonymously, unless you have previously created a
Profile with us. However, we may log your IP address to give us an idea of which part of our Services you visit and
how long you spend there. However, we do not link your IP address to any Personal Data unless you have logged
into our Services. Also, our Services may use a standard technology called a ‘cookie’ to collect information about
how you interact with our Services. Please see Section 7 below for more information.

(d) Aggregate Data. Certain aspects of our Services are set up to collect and report aggregate information. Aggregate
information is data we collect about the use of the Services or about a group or category of products, services or
Users, from which individual identities or other Personal Data has been removed. In other words, information about
how you use the Services may be collected and combined with information about how others use the Services.
Aggregate data helps us understand trends and User’s needs so that we can better consider new features or otherwise
tailor our Services. This Policy does not restrict what we can do with aggregate information.

(e) Analytics. We may use third party analytics tools to collect information about use of our Services. Analytics tools
collect information such as how often Users visit our Website, what pages Users visit when Users visit our Website,
and the other websites they accessed prior to accessing our Website. We use the information we gather from
analytics to improve our Services. Analytics tools collect information such as the IP address assigned to you on the
date you visit our Website, but does not collect Personal Data. We do not combine the information collected through
the use of analytics with Personal Data. Although our analytics tools may plant a cookie on your web browser to
identify you as a unique User the next time you visit our Website, the cookie cannot be used by anyone but our
analytics tools. In the event that we use Google’s ‘Google Analytics’, then Google’s ability to use and share
information collected by ‘Google Analytics’ about your visits to our Website is restricted by the Google Analytics
Terms of Use and the Google Privacy Policy. You can prevent analytics tools from recognizing you on return visits
to this Website by disabling cookies on web browser. See Section 7 below for more information.

(f) Device Information. We may collect data about the computer or Device you use to access our Services, including
the hardware model, operating system and version, MAC address, unique device identifier (‘UDI’), phone number,
and mobile carrier information.

2. How We Use It.

We use, allow access to, or disclose your Personal Data to third parties with whom we partner in
order to:
(a) enable us to provide the Services to you;
(b) notify you regarding Services, your Profile, or fees;
(c) increase the usability of the Services;
(d) provide information about promotional offers;
(e) investigate objectionable use of the Services;
(f) respond to requests for assistance from our customer support team;
(g) analyze trends and use of our Services; and
(h) carry on our business, as determined by us.

3. Who We Share It With.

We will share your Personal Data with third parties:
(a) When you have enabled us to share your Personal Data with another company or our Affiliates.
(b) When necessary, as determined by us in our sole discretion, to provide Services to you. This includes for the uses
listed in Section 2 above.
(c) When required by law or by court order.
(d) To protect our rights and property, to prevent fraudulent activity or other deceptive practices of Users or third
parties, or to prevent harm to others.
(e) If we are acquired by or merged with another company, or if our assets are sold to another company. In all of
these circumstances, you understand and agree that our Terms of Service and this Policy will be assigned and
delegated to the other company.
(f) To perform tasks for us or in connection with our business, as determined by us. We may use third parties to help
operate the Services and perform other aspects of the Services. You agree we may share your Personal Data with our
Affiliates and other third parties that provide services to us in connection with our business (such as website or
database hosting companies, address list hosting companies, email service providers, analytics companies,
distribution companies, and other similar service providers that use such information on our behalf). Unless
otherwise stated, these third parties do not have any right to use the Personal Data we provide to them beyond what
is necessary for them to assist us, as determined by us.

4. Marketing communications – OPT OUT

We may contact you from time to time for marketing purposes. Unless you have opted out, this could include
contacting you by phone or email. You may opt-out of receiving marketing communications from us by the
following means: (a) contacting us at Info@mdhealthtrak.com; (b) following the instructions in the communication;
or (c) by mailing the request to us at MDhealthtrack.com 6 Ferguson St, Poquoson, VA 23662.

5. Security of Your Personal Information.

We exercise care and prudence in protecting the security of Personal
Data provided to us. We carefully protect your data from loss, misuse, unauthorized access or disclosure, alteration,
or destruction. Specifically, our Payment Processor uses the Secured Socket Layer (‘SSL’) encryption when
collecting, storing, or transferring sensitive data. Personal Data is stored in password-controlled servers with limited
access. However, you have a significant role in Profile security. Someone may see or edit your Personal Data if that
person gains access to your username and password, so do not share these with others. WE TAKE THESE
PRECAUTIONS IN AN EFFORT TO PROTECT YOUR INFORMATION AGAINST SECURITY BREACHES.
HOWEVER, THIS IS NOT A GUARANTEE THAT SUCH INFORMATION MAY NOT BE ACCESSED,
DISCLOSED, ALTERED, OR DESTROYED BY BREACH OF SUCH FIREWALLS AND SECURE SERVER
SOFTWARE. BY USING THE WEBSITE, YOU ACKNOWLEDGE THAT YOU UNDERSTAND AND AGREE
TO ASSUME THESE RISKS.

6. Your Profile.

Users may review and update Personal Data by logging into their Profile. If your Profile is
terminated by you or us, we may retain Content related to you for any reason we determine.

7. Cookies

(a) We and other third parties with whom we may partner may use cookies, clear GIFs and .pngs (also known as
‘web beacons’), or local shared objects (sometimes called ‘flash cookies’) to help personalize the Services. A cookie
is a text file that is placed on your computer or other device by a server. Cookies cannot be used to run programs or
deliver viruses to your computer or other device. Cookies are uniquely assigned to you, and can only be read by the
server that issued the cookie to you. A web beacon is typically a transparent .gif or .pngs graphic image (usually 1
pixel by 1 pixel in size) that is used in conjunction with the Services, which allows us or third parties with whom we
may partner to measure the actions of Users who interact with the portion of the Services that contain the web
beacons. We and other third parties use web beacons to measure traffic and related browsing behavior, and to
improve your experience when using the Services. We and other third parties may also use customized links or other
similar technologies to track hyperlinks that you click and associate that information with your Personal Data in
order to provide you with more focused communications. You have the ability to accept or decline cookies and web
beacons may be unusable if you elect to reject cookies. Most web browsers automatically accept cookies, but you
can usually modify the settings to decline cookies if you prefer. If you choose to decline cookies, you may not be
able to fully experience the interactive features of the Services.

8. Compliance with the Children’s Online Privacy Protection Act.

We recognize the need to provide further privacy protections with respect to Personal Data we may collect from Children who use our Services. For that reason, we make every effort to comply with the regulations of the Children’s Online Privacy Protection Act of 1998 (at 15 USC § 6501–6506). We never collect or maintain Personal Data through the Services from those we actually know are under thirteen (13), and no part of the Services are structured to attract anyone under thirteen (13). We expressly disclaim, and you expressly release us from, any and all liability whatsoever for any controversies, claims,
suits, injuries, harm, loss, penalties, damages, arising from and/or in any way related to any misrepresentations
regarding the age of any User. We reserve the right to suspend and/or terminate with or without notice the Profile of
User who we believe has provided false information when registering for and/or using the Services and each User
agrees to make no further use of the Services after termination and/or during suspension.

9. In the Event of Sale or Bankruptcy.

The ownership of the site, Mdhealthtrack.com change at some point in the
future. Should that occur, we want this site and the company to be able to maintain a relationship with you. In the
event of a sale, merger, public offering, conversion of the company entity into a different business entity, bankruptcy
or other change in control of THE COMPANY your information may be shared with the person or business that
owns or controls this site or the company. Opting out of receiving information from third parties will not affect our
right to transfer your information to a new owner, but your choices will continue to be respected regarding the use of
your information.

10. Changes to our Policy; Miscellaneous.

We reserve the right to change this Policy, our Terms of Service, and
our other Polices at any time. We will notify you about changes to this Policy by placing the updated Policy on the
Services. You agree that your use of the Services after such notification will constitute acceptance by you of such
changes to our Policy. This Policy is and any disputes in connection with this Policy are subject to our Terms of
Service and our other Policies which are each hereby incorporated herein by reference. In the event of any conflict
between the provisions of this Policy and our Terms of Service, our Terms of Service shall control.

11. Questions or Comments Regarding this Policy.

We value your comments and opinions. If you have questions,
comments or a complaint about compliance with this Policy, you may send a written notice to us
at: Info@mdhealthtrak.com or MDhealthtrak.com 6 Ferguson St, Poquoson, VA 23662

12. HIPAA: Notice of Privacy Practices – Effective March 2019

This Notice is provided to you pursuant to the privacy regulations enacted as a result of the Health Insurance
Portability and Accountability Act of 1996 (HIPAA). We understand that information about you and your health is
very private, personal and sensitive. As such, we strive to protect your privacy as required by law. We will only use
and disclose your personal health information ("PHI") as allowed or required by law. We are committed to
excellence in the provision of state-of-the-art health care services through the practice of patient care, education, and
research. We require our employees and agents to be sensitive about privacy and to respect the confidentiality of
your PHI. We are required by law to maintain the privacy of our patients' PHI and to provide you with notice of our legal duties and privacy practices with respect to your PHI. We are required to abide by the terms of this Notice ("Notice") as
long as this version is in effect. We reserve the right to change the terms of this Notice as necessary and to make the
new notice effective for all PHI maintained by us.
The terms of this Notice apply to the COMPANY. This Notice does not apply when visiting a physician, healthcare
facility or Provider in their private medical office or to the records and PHI maintained by the physician, healthcare
facility or Providers. Contact your provider directly for more information on their HIPAA policy.
If you have questions regarding the coverage of this Notice, or if you would like to obtain a copy of this Notice,
please contact the us.

PHI Use and Disclosure

The following categories describe the ways we may use or disclose your PHI without your consent or authorization.
For each category, we will give you illustrative examples.

A. Uses and Disclosures for Treatment

(i) Treatment. We use and disclose your PHI as necessary for your treatment. For instance, doctors, nurses, and other
professionals involved in your care that you authorize to access such information, may use information in your
medical record that may include procedures, medications, tests, etc. in order to assist in evaluating your health or
plan a course of treatment for you.
The sharing of your PHI for treatment may happen electronically. Electronic communications enable fast, secure
access to your information for those participating in and coordinating your care to improve the overall quality of
your health and prevent delays in treatment.

(ii) Appointments and Services. We may use your PHI to remind you about appointments or to follow up on your
visit.

(iii) Business Associates. We may contract with certain outside persons or organizations to perform certain services
on our behalf, such as auditing, accreditation, legal services, etc. At times it may be necessary for us to provide your
PHI to one or more of these outside persons or organizations. In such cases, we require these business associates,
and any of their subcontractors, to appropriately safeguard the privacy of your information.

(iv) Other Uses and Disclosures. We are permitted or required by law to make certain other uses and disclosures of
your PHI without your consent or authorization. Subject to conditions specified by law, we may release your PHI:
(A) for any purpose required by law; (B) for public health activities, such as required reporting of disease, injury,
birth and death, and for required public health investigations; (C) to certain governmental agencies if we suspect
child abuse or neglect, or if we believe you to be a victim of abuse, neglect, or domestic violence; (D) to entities
regulated by the Food and Drug Administration, if necessary, to report adverse events, product defects, or to
participate in product recalls; (E) if required by law to a government oversight agency conducting audits,
investigations, inspections, and related oversight functions; (F) in emergency circumstances, such as to prevent a
serious and imminent threat to a person or the public; (G) if required to do so by a court or administrative order,
subpoena, or discovery request. In most cases you will have notice of such release; (H) to law enforcement officials,
including for purposes of identifying or locating suspects, fugitives, witnesses, or victims of crime, or for other
allowable law enforcement purposes; (I) to coroners, medical examiners, and/or funeral directors; (J) We may also
release your PHI, if necessary, for national security, intelligence, or protective services activities; and (K) if
necessary, for purposes related to your workers' compensation benefits.

Your Authorization.

Except as outlined above, we will not use or disclose your PHI for any other purpose unless
you have signed a form authorizing the use or disclosure. The form will describe what information will be disclosed,
to whom, for what purpose, and when. You have the right to revoke your authorization in writing, except to the
extent we have already relied upon it. These situations can include (i) uses and disclosures of psychotherapy notes;
(ii) uses and disclosures of PHI specially protected by state and/or Federal law and regulations; (iii) uses and
disclosures for certain research protocols; and (iv) disclosures that constitute a sale of PHI.

Confidentiality of HIV-Related Information, Alcohol and Drug Abuse Patient Records, and Mental Health
Records.

The HIV-related information, confidentiality of alcohol and drug abuse treatment records, and mental
health records maintained by us is specifically protected by state and Federal law and regulations. Generally, we may
not disclose such information unless you we have your written consent, the disclosure is allowed by a court order, or
in limited and regulated other circumstances.

Your Rights as a Patient

Access to Your PHI.

Generally, you have the right to access, inspect, and receive paper or electronic copies of
certain PHI that we maintain about you. Requests for access must be made in writing and be signed by you or, when
applicable, your legally authorized personal representative. We will charge you for a copy of your medical records in
accordance with a schedule of fees under federal and state law. You may also access much of your health
information using the org patient portal.

Corrections or Amendments to Your PHI.

You have the right to request that PHI that we maintain about you be
corrected or amended. Requests for amendment must be made in writing and signed by you or, when applicable,
your legally authorized personal representative. and must state the reasons for the amendment or correction request.
We are not obligated to make all requested amendments but will review each request. If we grant your amendment
request, we may update other prior recipients of such information to inform them of the change. Please note that
even if we grant your request, we may not purge or delete information already documented in your medical record.

Accounting for Disclosures of Your PHI.

You have the right to receive an accounting of certain disclosures made
by us of your PHI, except for disclosures made for purposes of treatment or for certain other limited exceptions. This
accounting will include only those disclosures made in the six years prior to the date on which the accounting is
requested. Requests must be made in writing and signed by you or, when applicable, your legally authorized
personal representative. There may be costs associated with providing this accounting, please contact us for more
information at Info@mdhealthtrak.com MDhealthtrack.com 6 Ferguson St,, Poquoson, VA 23662.

Restrictions on Use and Disclosure of Your PHI.

You have the right to request restrictions on certain uses and
disclosures of your PHI for treatment. We are not required to agree to your restriction request, unless otherwise
described in this notice, but will attempt to accommodate reasonable requests when appropriate. We retain the right
to terminate an agreed-to restriction if we believe such termination is appropriate. In the event we have terminated
an agreed upon restriction, we will notify you of such termination. The request must be signed by you or, when
applicable, your legally authorized personal representative.

Confidential Communications.

You have the right to request communications regarding your PHI from us by mail,
and we will accommodate reasonable requests by you. You, or when applicable, your legally authorized personal
representative must request such alternate means of confidential communication in writing. There may be costs
associated with such communications. Please contact us for further information at Info@mdhealthtrak.com
MDhealthtrack.com 6 Ferguson St,, Poquoson, VA 23662.

Notification of Breach of PHI.

We are required to notify you in writing of any breach of your unsecured PHI
without unreasonable delay, but in any event, no later than 60 days after we discover the breach.

Paper Copy of Notice.

You have the right to obtain a paper copy of this Notice. Please contact us for further
information at Info@mdhealthtrak.com MDhealthtrack.com 6 Ferguson St,, Poquoson, VA 23662.

Complaints.

If you believe your privacy rights have been violated, you may file a complaint in writing with THE
COMPANY. You may also file a complaint with the Secretary of the U.S. Department of Health and Human Services
(“HHS”) 200 Independence Avenue, S.W., Washington, D.C. 20201, calling 1-877-696-6775, or visiting
www.hhs.gov/ocr/privacy/hipaa/complaints/. All complaints must be made in writing and in no way will affect the
quality of care you receive from us. There is no penalty for filing a complaint.

For Further Information.

If you have questions or need further assistance regarding this Notice, you may contact
us at Info@mdhealthtrak.com MDhealthtrack.com 6 Ferguson St,, Poquoson, VA 23662.
This Notice is effective March 6, 2019.