Mosaic Health (“Mosaic”, “our,” “us,” or “we”) refers to the national healthcare delivery organization that consists of the following Business Units: i) Millennium Physician Group, including its affiliates (collectively, “MPG”); ii) the joint entities comprised of Castlight Health, Inc., including its affiliates (collectively, “Castlight”) and Vera Whole Health, including the Vera-friendly PCs (collectively, “Vera”); and iii) CareMore Health, which is a subsidiary of Elevance Health, (collectively, “CareMore”).

For the purposes of this Mosaic Website Privacy Notice (“Website Privacy Notice” or “Notice”), this Notice applies when visiting www.mosaichealth.com, including any of its subpages collectively the “Mosaic Corporate Websites” or “Corporate Websites”. To the extent one of the above-mentioned Business Units does not have its own Website Privacy Notice for their website, then this Website Privacy Notice shall apply. Health and wellness products and/or clinical services offered by any of Mosaic’s Business Units shall be referred to as “Mosaic Services” or “Services”.

At Mosaic, we respect your privacy and take Internet privacy very seriously. This Website Privacy Notice was written for you, (the “Website Visitor”). The term Website Visitor includes, but is not limited to: (i) individuals browsing any of our Corporate Websites; (ii) customers and/or business prospects; or (iii) any other Internet user who visits our Corporate Websites. This Website Privacy Notice is only intended to describe what Personal Information may be collected from you when browsing our Corporate Websites for analytical purposes.

• For Mosaic job applicants and/or employees, the Mosaic Candidate Privacy Notice applies and describes how these individual's Personal Information is collected, used, and disclosed during the application and recruitment process.

By visiting any of our Corporate Websites, you are consenting to the collection, use, and disclosure of your personal information as described herein this Website Privacy Notice. Please read this Website Privacy Notice carefully and do not continue to use our Corporate Websites if you do not agree with how your Personal Information may be collected, used and disclosed. We reserve the right to modify this Website Privacy Notice as needed to accurately reflect our Personal Information collection, use, and sharing practices, and when required by law. If we make changes to this Website Privacy Notice, a new ‘Effective Date’ will be reflected at the top of this Notice.

Table of Contents:

• Section 1 – Personal Information We Collect and Use
• Section 2 – Personal Information We Disclose
• Section 3 – Your Rights to Specific Uses of Your Personal Information
• Section 4 – Security and Retention of Personal Information
• Section 5 – Tracking Technologies
• Section 6 – How To Contact Us

Section 1 – Personal Information We Collect and Use

Personal information refers to information that reasonably identifies, relates to, describes, or can be associated with a Website Visitor. When interacting with our Corporate Websites, we may collect and use the following types of Personal Information.

1. Information Requests. If you wish to request more information about Mosaic Services, such as subscribing to our marketing emails, you will be required to provide contact information such as your name and email address. This information will only be used by us to communicate with you about Mosaic Services.
2. Information from Third Parties. We may receive information about you from third parties. For example, we may supplement the information we collect with outside records, or third parties may provide information in connection with a business relationship. If others give us your information, we will only use that information for the specific reason for which it was provided to us.
3. Information from Your Contacts. We may also collect information about your contacts. Your disclosure of such information is completely voluntary. When you provide us with information about your contacts, we will only use this information for the specific reason for which it was provided.
4. Log Files. As with of most websites, our Corporate Websites automatically collect and store in log files the Internet Protocol (IP) address of the computer you are using, the name of the domain and host from which you access the Internet, the browser software you use, your device’s operating system, the date and time you access the service, and the Internet address of the website from which you directly linked to our Corporate Websites. We may combine this automatically collected log information with other information we collect about you. We use this log file information to analyze trends, monitor service traffic and usage patterns for internal marketing and security purposes, and to help make our Corporate Websites more useful.
5. Locator information. We, alongside your internet provider, may use locator information as is necessary to enforce any of the terms of this notice. This information may include your name, email address, physical address, and/or other data that enables us to personally identify you.

Section 2 – Personal Information We Disclose

While we retain the right to disclose the Personal Information we collect from you for our internal business purposes, there may be times when we disclose your Personal Information to third parties for our legitimate business purposes. Unless you have otherwise consented to additional use or disclosure of your Personal Information, we will only disclose such Personal Information to third parties for the following reasons:

1. Disclosures in Good Faith. We may disclose your Personal Information when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud or the security of our systems, or respond to a government request, subpoena or similar legal process, including if we are involved in a merger, acquisition, or sale of all or a portion of its assets. We may notify you by a prominent notice on our Corporate Websites of any change in ownership or uses of your Personal Information, as well as any choices you may have regarding your Personal Information.
2. Third-Party Vendors. We may provide your Personal Information to companies that provide services to help us with our business activities, such as our marketing initiatives. These companies are only authorized to use your Personal Information as necessary to provide such services to us.
3. Third-Party Websites. If you use our Corporate Websites to link to another organization’s website, you may decide to disclose Personal Information on that website. For example, you might provide your contact information to obtain information from another organization. Please be aware that in contacting that website, or in providing information on that website, that third party website may obtain Personal Information about you, and this Website Privacy Notice will not apply when you leave our Corporate Websites.

Section 3 – Your Rights to Specific Uses of Your Personal Information

You have the right to correct, update, amend or otherwise opt-out of the way we collect, use and disclose your Personal Information when visiting our Corporate Websites by contacting us by email at [email protected] or by clicking unsubscribe at the bottom of an email or replying STOP or LEAVE to any text you may receive from us. We will store your adjusted communication preferences in our internal Do Not Contact List. If you later decide to opt-in to a certain communications, we will adjust your preferences for only that communication method.

You may have specific privacy rights based on your state residency. For more details on how to exercise your rights, please review the Supplemental State Privacy Privacy Statement.

Section 4 – Security and Retention Of Information

The security of your Personal Information is important to us. We implement the appropriate technical, physical, and administrative security measures to secure all information collected and stored by our Corporate Websites. Some of our Business Units also maintain a biennial annual HITRUST Certification and annual SOC 2 compliance audit. Mosaic Business Units that maintain physical data centers secure all communications between you and our servers in an encrypted manner. Internal access to your Personal Information is also encrypted, and limited to the business needs of those with role-based access, only when necessary.

We will retain your Personal Information as long as we have a legitimate business purpose to use your information such as, but not limited to, operating our Corporate Websites, complying with legal obligations, resolving disputes, or enforcing our agreements. When there is no longer such a purpose, we will destroy your information, or if this is not possible, then we will securely store your Personal Information and isolate it from any further processing until destruction is possible. We will also destroy certain Personal Information we collect about you upon your request and as described in Section 3.

While we actively follow industry accepted standards to protect the Personal Information submitted to us, both during transmission and once we receive it, no security system is perfect, and methods of transmission over the Internet and electronic storage are never 100% secure. Therefore, we cannot guarantee absolute security, however, we rely on our implemented security measures and our users to protect privacy and security.

Section 5 – Tracking Technologies

Our Corporate Websites may use tracking technologies such as cookies, pixels, web beacons, tags, scripts and other technologies to collect information about you. These technologies help us save your preferences and understand how you navigate through our Corporate Websites so that we may improve your experience and measure the effectiveness of our digital advertising campaigns. For example, we may use a conversion pixel on our Corporate Websites to track your interactions after you click on an advertisement for our Services from a third-party website. In certain circumstances, you may be able to control the use of specific tracking technologies at the individual browser level. If you Reject All or certain tracking technologies, you may be limited in your ability to use all or certain functionalities of our Corporate Websites.

To further understand how we use tracking technologies to enhance your experience and analyze performance and traffic on our Corporate Websites, please review our Cookie Notice.

Section 6 – Contact Us

If you have questions or complaints regarding our Website Privacy Notice, please contact us at:

Mosaic Health

ATTN: Legal Office
1201 Second Ave., Suite 1400
Seattle, WA 98101
Email: [email protected]