Know Healthtech Inc. California Consumer Privacy Act Notice

(Last updated: September 1, 2020)

This California Consumer Privacy Act Notice (“Notice”) is provided by Know Healthtech Inc. and its affiliates and subsidiaries, referred to in this Notice as “we,” “us” or “our.” This Notice supplements the information contained in our general Privacy Policy as posted and updated from time to time. This Notice applies solely to visitors, users, and others who reside in the State of California (“consumers” or “you”) when you visit our website or subscribe to receive our services.

This Notice explains how we collect, use, and disclose personal information about California residents. This Notice also explains certain rights that California residents have under the California Consumer Privacy Act (“CCPA”). This Notice explains how California residents can exercise their rights under the CCPA to request that we: (1) provide certain personal information that we have collected about them during the past 12 months, along with related information described below, or (2) delete certain personal information that we have collected from them. Any terms defined in the CCPA have the same meaning when used in this Notice.

Under the CCPA, “personal information” is information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California resident or household. This information is referred to in this Notice as “Personal Data.”

  1. Categories of Personal Data that We Collect and Disclose

We collect, use, process, and disclose information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device. The Personal Data that we collect, use, or disclose about a specific California resident will depend on, for example, our relationship or interaction with that individual.

During the past 12 months, we have collected the following categories of Personal Data:

  • Identifiers, such as a real name, alias, postal address, unique personal identifier, online identifier, internet protocol (IP) address, email address, account name, social security number, driver’s license or state identification card number, passport number, or other similar identifiers.

  • Customer Records, such as physical characteristics or description, telephone number, bank account number, credit card number, debit card number, or any other financial information.

  • Personal Characteristics or Traits, such as demographic data, age, ethnicity, citizenship, national origin, religion, creed, marital status, physical illness, mental illness or disabilities, gender (including gender identity and gender expression), sexual orientation, or marital Status.

  • Customer Account Details/Commercial Information, such as records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.

  • Internet Usage Information, such as browsing history, search history, and information regarding a consumer’s interaction with our website, application or advertisement.

  • Biometric Information, such as physiological, biological, or behavioral characteristics that can be used, singly or in combination with each other or with other identifying data, to establish individual identity, including imagery of the iris, retina, fingerprint, face, hand, palm, vein patterns, voice recordings, keystroke patterns or rhythms, gait patterns or rhythms, and sleep, health, or exercise data that contain identifying information.

  • Geolocation Data, such as physical location or movements and travel patterns.

  • Sensory Data, such as audio, electronic, visual, or similar information, including recordings of customer service calls. 

  • Inferences derived from your other Personal Data, such as information about your preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

Please note that we may not collect each of these categories about every consumer.

Personal Data, however, does not include:

  • Publicly available information from federal, state, or local government records.

  • De-identified or aggregated consumer information.

  • Information excluded from the CCPA's scope, like:

  • Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data; or

  • Personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver's Privacy Protection Act of 1994.

2. Why We Collect Personal Data and How We Use It

The purposes for which we collect and use Personal Data depend on, among other things, our relationship or interaction with a specific California resident. The table below lists the purposes for which we collect and use Personal Data in different contexts.

 

Purposes for Collection and Use

Examples

Provide and manage products and services

Support the ongoing management and maintenance of our products and services including matching potential patients with clinical trials and, if there is a match, to monitor the trial.

Support our everyday operations, including to meet risk, legal, and compliance requirements

Perform accounting, monitoring, and reporting.

Enable information security and anti-fraud operations, as well as due diligence.

Support audit and investigations, legal requests and demands, as well as exercise and defend legal claims.

Enable the use of service providers for business purposes.

Comply with policies, procedures, and contractual obligations.

Manage, improve, and develop our business

Market, personalize, develop, as well as improve our products and services.

Conduct research and analysis, including to drive product and services innovation.

Support customer relationship management.

Evaluate and engage in mergers, acquisitions, and other transactions involving transfers of all or part of a business, or a set of assets.

3. Sources of Personal Data

The sources from which we collect Personal Data depend on, among other things, our relationship or interaction with a specific California resident. The information below lists the categories of sources from which we collect Personal Data in different contexts.

  • From California residents directly, or other individuals acting on their behalf, through physical (e.g., paper application), audible (e.g., phone), or electronic (e.g., website, social media) sources.

  • Public records or widely available sources, including information from the media, and other records and information that are made available by federal, state, or local government entities.

  • Outside companies or organizations from whom we collect Personal Data as part of providing products and services, completing transactions, supporting our everyday operations, or business management and development. Examples include companies or organizations to whom we provide products or services; other parties, partners, and business affiliates; and parties involved with mergers, acquisitions, and other transactions involving transfers of all or part of a business, or a set of assets.

  • Outside companies or organizations that provide data to support activities such as fraud prevention, underwriting, and marketing.

4. Categories of Third Parties with Whom We Share Personal Data

The categories of third parties with whom we share Personal Data depend on, among other things, our relationship or interaction with a specific California resident. The information below lists the categories of third parties with whom we share Personal Data in different contexts.

  • Outside companies or organizations with whom we share Personal Data as part of providing products and services, completing transactions, supporting our everyday operations, or business management and development. Examples include companies or organizations to whom we provide products or services; other parties, partners, and business affiliates; and parties involved with mergers, acquisitions, and other transactions involving transfers of all or part of a business, or a set of assets.

  • Companies or individuals that represent California residents such as an accountant, financial advisor, or holder of a power of attorney.

  • Government agencies including to support regulatory and legal requirements.

  • Outside companies or organizations, in connection with routine or required reporting, including consumer reporting agencies and other parties.

5. “Sale” of Personal Data

The CCPA’s definition of “sale” is broad and includes communicating a consumer’s Personal Data to a third party for any valuable consideration. If you are matched with a clinical trial, any of your above described Personal Data may be shared with the trial sponsor and affiliated clinical facilities, and we are compensated if you are accepted into the trial.

6. Children’s Privacy

The CCPA provides consumers less than 16 years of age with a “right to opt-in,” as opposed to the “right to opt-out” available to consumers at least 16 years of age.

If we have actual knowledge that you are less than 13 years of age, we will not “sell” your Personal Data unless your parent or guardian has affirmatively authorized the sale. If we have actual knowledge that you are at least 13 years of age and less than 16 years of age, we will not “sell” your Personal Data unless you affirmatively authorized the sale. The CCP refers to this as the “right to opt-in.”

7. Requests Under the CCPA

A California resident has the right to request that we:

  1. Disclose to you the following information covering the 12-month period prior to your request (“Access Request”):

    1. The categories of Personal Data we collected about you and the categories of sources from which we collected the Personal Data;

    2. The business or commercial purpose for collecting Personal Data about you;

    3. The categories of third parties to whom we disclosed Personal Data about you, and the categories of Personal Data disclosed;

    4. The specific pieces of Personal Data we collected about you; and

2. Delete Personal Data we collected from you (“Deletion Request”).

If you are a California resident, a business may not discriminate against you for exercising your rights under the CCPA.

8. Responding to Requests

Privacy, data protection and other laws, as well as limitations within the CCPA, apply to much of the Personal Data that we collect, use, and disclose. When these laws apply, Personal Data may be exempt from, or outside the scope of, Access Requests and Deletion Requests. As a result, in some instances, we may decline all or part of an Access Request or Deletion Request related to this Personal Data. This means that we may not provide some or all of this Personal Data when you make an Access Request. Also, we may not delete some or all of this Personal Data when you make a Deletion Request.

As examples, our processing of or response to an Access Request or Deletion Request may not include all of your Personal Data as appropriate for us to:

  • Complete a transaction for which the Personal Data was collected, including to provide a service that has been requested or is reasonably anticipated, or otherwise perform a contract between us and you.

  • Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity.

  • Debug, such as to identify and repair errors that impair existing intended functionality.

  • Exercise free speech, ensure the right of another consumer to exercise that consumer’s right of free speech, or exercise another right provided for by law.

  • Research, such as engaging in public or peer-reviewed scientific, historical, or statistical research in the public interest.

  • Comply with a legal obligation.

The limitations described above are examples. We have not listed all types of situations that may apply when we respond to or process Access Requests or Deletion Requests.

9. How to Make Requests

If you are a California resident, you (or your authorized agent, as described below) can make an Access Request or a Deletion Request by:

  • Contacting us at [telephone number].

  • Submitting your request at [CCPA@KnowHealth.com].

  • Using this link (also available on our home page): Do Not Sell My Personal Information [make a hyperlink]

To make your request, you must provide us with your first and last name, email address, and mailing address, and tell us whether you are making an Access Request, a Deletion Request or both. Please note that, to protect your information and the integrity of our services, we may need to verify your identity before processing your Access Request or Deletion Request. We will typically verify your request by comparing the information that you provide as part of your request with the information (if any) that we have about you in identifiable form. In some cases we may need to collect additional information to verify your identity, such as a government issued ID. We may also use a third-party identity verification service.

You may designate an authorized agent to make a request on your behalf by providing the agent with your written signed permission or a power of attorney pursuant to California Probate Code Sections 4121 to 4130. The authorized agent must be either a natural person or a business entity registered with the California Secretary of State.

10. Changes to this Notice

We may change or update this Notice periodically. When we do, we will post the revised Notice on this webpage indicating when the Notice was “Last Updated.”