Privacy Shield Notice

Effective Date: 13 June 2019

Butterfly is committed to protecting your privacy. This Privacy Shield Notice sets out the privacy principles we follow with respect to transfers of personal information from the European Economic Area (“EEA”), the United Kingdom ("UK") and Switzerland, including personal information we process in connection with our Services from Service Users, patients and any other personal information we receive or otherwise collect connection with our Marketing Activities. Unless otherwise specifically defined in this Notice, capitalized terms used in this Notice shall have the same meaning as the Butterfly Privacy Notice located here: https://www.butterflynetwork.com/privacy-policy.

Butterfly Network, Inc. commits to comply with the EU-US and Swiss-US Privacy Frameworks as set forth by the United States Department of Commerce regarding the collection, use and retention of personal information from the EEA, UK and Switzerland. We have certified to the US Department of Commerce that we adhere to the Privacy Shield Principles in respect of all personal information received from the EEA, UK and Switzerland in reliance on the Privacy Shield.

For more information about the Privacy Shield generally and to review our certification online, please visit: https://www.privacyshield.gov/list.

For purposes of enforcing compliance with the Privacy Shield, Butterfly is subject to the investigatory and enforcement authority of the US Federal Trade Commission.

If there is any conflict between the terms of this Privacy Shield Notice and the Privacy Shield Principles, the Privacy Shield Principles shall govern.

Types of Personal Information We Collect and Use

The Butterfly Privacy Notice describes the categories of personal information we may receive and process in the United States, as well as the purposes for which we use that personal information.

Your Choices

We will only process such personal information in ways that are compatible with the purposes we collected it for, or for the purposes you later authorize.

Before we use your personal information for a purpose that is materially different than the purpose we collected it or that you later authorized, we will provide you with the opportunity to opt-out.

Transfers to Third Parties

Information about the types of third parties to which we disclose personal information and the purposes for which we do so is described in the Butterfly Privacy Notice.

If we have received your personal information in the United States and subsequently transfer that information to a third party acting as an agent, and such third party agent processes your personal information in a manner inconsistent with the Privacy Shield Principles, we will remain responsible unless we can prove we are not responsible for the event giving rise to the damage.

Disclosures For National Security Or Law Enforcement

Please note that under certain circumstances, we may be required to disclose your personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Security

We maintain reasonable and appropriate security measures to protect personal information we process from loss, misuse, unauthorized access, disclosure, alteration, or destruction, taking into account the nature of the personal information and the risks involved in processing that information, in accordance with the Privacy Shield.

Your Privacy Shield Rights

If you are from the EEA, UK or Switzerland, you have the right to request access to the personal information that we hold about you and request that we correct, amend, or delete it if it is inaccurate or processed in violation of the Privacy Shield.

If you would like to exercise these rights, please write to us at the contact details provided below. We may request specific information from you to confirm your identity and we will respond to your request in accordance with the Privacy Shield Principles and applicable data protection laws.

You may also opt-out of receiving marketing communications from Butterfly by clicking on the “unsubscribe” or “opt-out” link in the marketing e-mails we send you.

When Butterfly processes personal information about patients as a data processor on behalf of its Service Users (the data controllers), our Service Users are responsible for providing their own patients with access to personal information and the right to correct, amend or delete the information where it is inaccurate or has been processed in violation of the Privacy Shield Principles, as appropriate. In such circumstances, patients should direct their questions and requests to the relevant Service User. However, when a Service User's patient is unable to contact the Service User, or does not obtain a response from such Service User, Butterfly will provide reasonable assistance in forwarding the request from the Service User's patient to the Service User.

Questions or Complaints

In compliance with the Privacy Shield Principles, Butterfly commits to resolve complaints about our collection or use of your personal information. EEA, UK or Swiss individuals with inquiries or complaints regarding this Notice should first contact us at:

Data Protection Officer

Butterfly Network, Inc.

530 Old Whitfield St, Guilford, CT 06437

Email: dpo@butterflynetinc.com

We will investigate and attempt to resolve any complaints or disputes regarding the use or disclosure of your personal information within 45 days of receipt.

Butterfly has further committed to refer unresolved Privacy Shield complaints to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgement of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact JAMS or visit the JAMS website for more information or to file a complaint. The services of JAMS are provided at no cost to you. JAMS mediation may be commenced as provided for in the relevant JAMS rules.

When Butterfly processes personal information about patients as a data processor on behalf of its Service Users (the data controllers), patients should submit complaints concerning the processing of their personal information to the relevant Service User, in accordance with the Service User’s dispute resolution process. Butterfly will participate in this process at the request of the patient or the Service User.

Binding Arbitration

You may have the option to select binding arbitration for the resolution of your complaint under certain circumstances, provided you have taken the following steps: (1) raised your complaint directly with Butterfly and provided us the opportunity to resolve the issue; (2) made use of the independent dispute resolution mechanism identified above; and (3) raised the issue through the relevant data protection authority and allowed the US Department of Commerce an opportunity to resolve the complaint at no cost to you. To find out more about the Privacy Shield's binding arbitration scheme, please visit: https://www.privacyshield.gov/article?id=ANNEX-I-introduction

Contact Us

If you have any questions about this Notice or would like to request access to your personal information, please contact us as follows: