Effective Date: May 1, 2025  •  Last Updated: May 1, 2025

Version 2.0  •  Supersedes all prior versions

1. INTRODUCTION AND SCOPE

Maxim Men’s Health (“Company,” “we,” “us,” or “our”) is committed to protecting any personal and health information you provide to us. This Internet Privacy Policy (“Policy”) describes: (a) the types of information we collect from visitors and clients on this site; (b) how we use and share that information; (c) your rights; and (d) how to contact us with questions or concerns.

This Policy currently applies to visitors and clients accessing this site. It may not apply to transactions or information collected through other channels. For information collected through your active account, please refer to the account-specific privacy policy provided to you annually. This site is not directed to individuals under 18 years of age.

By using this site, you agree to this Policy. If you do not agree, please discontinue use of this site.

2. HIPAA NOTICE OF PRIVACY PRACTICES

Maxim Men’s Health is a covered entity and/or business associate under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and its implementing regulations (45 CFR Parts 160 and 164). We are required by law to: (i) maintain the privacy of PHI; (ii) provide you with this Notice; (iii) abide by the terms of this Notice; and (iv) notify you in the event of a breach of unsecured PHI.

2.1 What Is Protected Health Information (PHI)?

PHI is individually identifiable health information that relates to your past, present, or future physical or mental health condition; the provision of health care to you; or the payment for such health care. PHI includes, among other things:

• Name, address, date of birth, Social Security number, and other identifiers
• Medical and prescription history, diagnoses, and treatment records
• Lab and diagnostic results
• Health insurance and billing information
• Any information that could reasonably identify you in connection with your health or health care

2.2 Permitted Uses and Disclosures of Your PHI

Treatment

We may use and disclose your PHI to provide, coordinate, and manage your health care and related services, including sharing information with physicians, pharmacists, labs, telehealth providers, and other members of your care team.

Payment

We may use and disclose your PHI to obtain payment for services, including billing, claims submission, prior authorization, and collections.

Health Care Operations

We may use and disclose your PHI for internal operations such as quality assurance, provider credentialing, training, compliance audits, and business management.

As Required or Permitted by Law

We may disclose your PHI without your authorization when required or permitted by law, including to: public health authorities; law enforcement agencies pursuant to a lawful process; courts or administrative proceedings; or as otherwise required under applicable federal or state law.

Other Uses and Disclosures Require Your Authorization

Uses and disclosures not described above will be made only with your written authorization. You may revoke an authorization at any time in writing, except to the extent we have already relied on it.

2.3 Your HIPAA Rights

You have the following rights with respect to your PHI. To exercise any right, contact our Privacy Officer (see Section 11):

• Right to Access — Request a copy of your PHI in a designated record set, including electronic records in a format you request.
• Right to Amend — Request amendment of PHI you believe is inaccurate or incomplete.
• Right to an Accounting of Disclosures — Request a list of certain disclosures we have made of your PHI.
• Right to Request Restrictions — Request that we restrict certain uses or disclosures of your PHI. We are not required to agree except in limited circumstances under the HITECH Act.
• Right to Confidential Communications — Request that we communicate with you about PHI in a specific way or at a specific location (e.g., call only a work number).
• Right to a Paper Copy of This Notice — Request a paper copy of this Notice at any time, even if you have agreed to receive it electronically.
• Right to File a Complaint — File a complaint with us or with the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) if you believe your privacy rights have been violated. You will not be retaliated against for filing a complaint.

HHS OCR Complaint Contact: 200 Independence Ave., S.W., Washington, D.C. 20201 | www.hhs.gov/hipaa/filing-a-complaint

2.4 Minimum Necessary Standard

We make reasonable efforts to use, disclose, and request only the minimum amount of PHI necessary to accomplish the intended purpose.

2.5 Business Associates

We share PHI with third-party vendors and service providers (“Business Associates”) who perform services on our behalf, including technology vendors, billing companies, pharmacies, labs, and SMS service providers. All Business Associates are required to execute Business Associate Agreements (BAAs) that obligate them to safeguard your PHI in compliance with HIPAA.

2.6 Breach Notification

In the event of a breach of unsecured PHI, we will notify you and, where required, the HHS Office for Civil Rights, in accordance with HIPAA’s Breach Notification Rule (45 CFR §§ 164.400–414). Notification will be provided without unreasonable delay and no later than 60 calendar days following discovery of a breach.

3. INFORMATION WE COLLECT

3.1 Information You Provide Directly

When you visit this site, complete forms, or use our services, we may collect personally identifiable information such as your name, address, phone number, email address, and other information for identification or to fulfill your online requests. We may also obtain information about you from third parties (such as credit bureaus and demographic firms). Any use of personal information is subject to the privacy policy provided in connection with your account.

3.2 Information Collected Automatically

When you visit our site, our web servers automatically collect:

• The domain name used to access the Internet (e.g., yahoo.com)
• Pages visited and timestamps
• Internet browser type and platform
• Referring links and links clicked within our site

This information is used by us, our service providers, affiliates, and business partners to measure visits, average time spent, page views, and other statistics; monitor site performance; and make the site easier and more convenient to use.

3.3 Cookies and Tracking Technologies

Our web servers use cookies (small data files) to track statistical information about navigation throughout our site and to measure the effectiveness of our marketing. Cookies used for internal purposes are not used to obtain your name or other personal data and are shared only with affiliates and contractors bound by confidentiality. You may set your browser to reject cookies or alert you before one is placed; however, doing so may affect site functionality.

We also use third-party advertising technology (including AdRoll) to place advertisements on other websites. This technology installs a small cookie when you view our ads. These cookies do not contain personally identifiable information (such as your name or email address) but contain a randomly generated unique identifier that may be recognized by a web beacon on our site if you click through from an ad. This allows us to track unique visitors and ad effectiveness. To opt out of AdRoll and their partners’ targeted advertising, please visit the AdRoll opt-out page.

We also use cookies to track items in your shopping cart, including abandoned carts, to determine when to send cart reminder messages (including via SMS, as further described in Section 5).

3.4 Mobile Applications

When you use our mobile applications, we may use cookies, web beacons, or other methods to customize your experience. Analytic tools may collect anonymized usage data (such as features used, device type, country, and language) to help us improve our apps. This data does not include personally identifiable information and will not identify you.

If you use any location-enabled features, you may send us location information. Maxim Men’s Health does not store or use this information beyond providing the requested service (e.g., finding a nearby retail location). Location features are opt-in and you may disable them at any time.

4. HOW WE USE YOUR INFORMATION

We may use information you provide through this site to:

• Respond to your questions and requests
• Provide customer support and fulfill specified services
• Contact you about updates to our services
• Measure site and marketing effectiveness
• Improve our products, services, and mobile applications

We will not use PHI for marketing or commercial purposes without your written HIPAA authorization.

5. SMS / TEXT MESSAGE PROGRAMS

Maxim Men’s Health operates the following Application-to-Person (A2P) SMS messaging programs. Each program is described separately below, consistent with CTIA Messaging Principles and Best Practices and the Telephone Consumer Protection Act (TCPA), 47 U.S.C. § 227.

5.1 SMS Marketing Program

5.2 SMS Abandoned Cart Reminder Program

This site uses cookies to track items you add to your shopping cart, including when you abandon your cart. This information is used to determine when to send you a cart reminder via SMS, subject to your prior consent.

5.3 General SMS Compliance Disclosures

Opt-Out (STOP)

You may opt out of any Maxim Men’s Health SMS program at any time by replying STOP, CANCEL, QUIT, END, or UNSUBSCRIBE. After we receive your opt-out request, we will send one final confirmation message confirming you have been unsubscribed, and you will receive no further messages from that program. To opt back in, follow the program-specific opt-in instructions above.

Help (HELP)

At any time, reply HELP to any message to receive assistance. You may also contact us at [email protected] or call [PHONE NUMBER].

Supported Carriers

Our SMS programs are available through all major U.S. wireless carriers, including AT&T, Verizon, T-Mobile, Sprint/T-Mobile, Boost Mobile, MetroPCS, and U.S. Cellular. Carrier availability is not guaranteed for all programs or geographic areas.

PHI and SMS

In compliance with HIPAA, we do not transmit unencrypted PHI via standard SMS. SMS messages will not include your diagnoses, prescriptions, or other sensitive health information. Any detailed health information will be communicated only through your HIPAA-secured patient portal or other encrypted channels.

SMS Third-Party Data Sharing

The opt-in data you provide (including your phone number and SMS consent) will not be shared with or transferred to any third party for marketing purposes. SMS service providers who transmit our messages on our behalf are our Business Associates and are contractually required to comply with HIPAA and applicable SMS regulations. We reserve the right to disclose information as necessary to satisfy any legal, regulatory, compliance, or governmental request, or to protect our legitimate rights and property.

TCPA and CTIA Compliance

Our SMS programs comply with the Telephone Consumer Protection Act (TCPA), CTIA Messaging Principles and Best Practices, and applicable wireless carrier A2P messaging policies.

6. SHARING YOUR INFORMATION

Personal information collected on this site may be shared as described below and pursuant to the account-specific privacy policy that governs your Maxim Men’s Health account:

• Service providers and contractors who assist us in operating this site and providing our services, who are bound by confidentiality obligations
• Financial institutions with whom we jointly offer financial products
• Our affiliates
• Third parties offering special products or services to you (with your consent where required)
• As permitted or required by law (e.g., credit bureau agencies, law enforcement, or government agencies)
• Businesses from or to whom we buy or sell assets (with appropriate privacy protections)

If you have provided personally identifiable information in connection with a specific product or service, please refer to the privacy policy covering that product or service for applicable opt-out options.

7. DATA SECURITY

We maintain reasonable physical, electronic, and procedural safeguards that comply with federal standards, including HIPAA’s Security Rule (45 CFR Part 164, Subpart C), to guard nonpublic personal information and PHI against loss, misuse, or unauthorized access, disclosure, alteration, or destruction. We limit access to personal and account information to employees and agents who assist us in providing products and services to you. Employees who misuse customer information are subject to disciplinary action. Third parties to whom we disclose nonpublic personal information are required to adhere to appropriate security standards.

Please note that information transmitted electronically is not necessarily secure. We suggest you do not use unsecured electronic methods to communicate highly sensitive information such as Social Security numbers or credit card numbers. We employ reasonable safeguards to protect SSNs in our possession, including: (i) restricting employee access to SSNs; (ii) preventing unauthorized third-party access; and (iii) prohibiting unlawful disclosure of SSNs.

8. MINORS

This site is not intended for persons under 18 years of age. We do not knowingly solicit or collect personal information from or about children under 18, and we do not knowingly market our products or services to children under 18. If we learn we have inadvertently collected information from a minor, we will promptly delete it. If you believe a minor has submitted personal information to us, please contact our Privacy Officer immediately.

9. THIRD-PARTY WEBSITES AND ADVERTISING

This site may contain links to third-party websites, including those of our advertising partners. We are not responsible for the privacy practices of those websites. The privacy policies of websites on which we advertise govern how cookies installed through their platforms are handled. We encourage you to review the privacy policy of any third-party site you visit.

This Internet Privacy Policy is provided in accordance with and subject to applicable U.S. law. If you access this site from outside the United States, your use of this site is subject to this Policy.

10. CHANGES TO THIS POLICY

We reserve the right to modify or supplement this Internet Privacy Policy at any time. If we make any material change, we will update our site to include such changes and, where changes affect your PHI or are otherwise required by law, we will provide direct notice. We recommend that you review this Policy regularly. We provide account-specific privacy policies to active account holders annually.

11. CONTACT US — PRIVACY OFFICER

If you have questions, concerns, or requests regarding this Policy or your privacy rights (including HIPAA rights), please contact our Privacy Officer: