Privacy Policy
We take patient privacy seriously. Feel free to contact us if you have questions regarding our privacy policy.
Last updated: July 2024
Purpose:
This Privacy Policy applies to all data that are owned and operated by Sanguine. Sanguine only processes personal data for the purposes outlined here. Sanguine will not collect or use personal data for purposes other than those described in this Policy unless we have obtained your prior consent. In cases where you decide to decline to submit information, Sanguine may not be able to provide services to you. In this event, we will inform you of your choice in moving forward.
Scope:
This procedure covers Sanguine’s Data Privacy Policy, the data we collect, and what we do with that data. This Policy is accessible at the time of all data collection by Sanguine, ensuring transparency and informed decision-making regarding your personal information.
Sanguine's Data Privacy Policy:
Your privacy is important to us. That’s why we provide you with this Policy which describes how Sanguine BioSciences. (“Sanguine”, “we”, “our” or “us”) collects, accesses, uses, stores, shares, and deletes your information so that you remain in control of how your personal data is used in your interactions with us. Please read this notice carefully to understand how your information may be used.
Roles and Responsibilities:
The table below details the role responsible for the tasks within this document.
Role | Task |
---|---|
Data Privacy Officer and/or Sanguine Quality Lead | Review and update this policy based upon designated procedure review intervals, added or revised regulations, or additional regulations under Sanguine’s scope of work based upon product and business expansion. |
All Sanguine employees and other persons who may be subject to information sharing | Review and agree to this policy. Sanguine employees and other persons who supply data to Sanguine shall understand how Sanguine uses the data of those who provide it. |
References:
The table below lists the applicable Sanguine document references (Internal) as well as applicable regulations/standards (External).
Internal Reference(s) | Title |
---|---|
N/A | N/A |
External Reference(s) | Title |
---|---|
45 CFR 46 | US DHHS and Office of Human Research Protection guidelines |
21 CFR Part 11 | All parts – Electronic Records; Electronic Signatures – Scope and Application |
California Civil Code § 1798.83 | California Shine the Light Law |
Definitions and Abbreviations:
The table below lists the applicable Sanguine definitions to terms or abbreviations as noted within this document.
Term / Abbreviation | Definition |
---|---|
Personally Identifiable Information (PII) or Personal Data | Information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. Excludes certain de-identified or aggregated information, publicly available government records, or other exclusions as per Data Privacy Laws. |
Sensitive Personal Information | Type of personal information depending on applicable Data Privacy Law, including personal identification numbers; account or debit/credit card numbers with access codes; precise geolocation; racial or ethnic origin; religious beliefs; union membership; medical history or conditions; sex life or sexual orientation; citizenship or immigration status; mail, email, or text message content (unless intentionally sent to the business); genetic or biometric data; criminal history, and personal data from a known child under 13 years old (specifically for consumers in CO, CT, VA). This also encompasses Special Categories of Data as defined under GDPR. |
Processing | Any operations performed on personal information, including collecting, storing, retrieving, consulting, analyzing, disclosing or sharing with someone else, erasing, or destroying personal data. |
Customer / Patient / Participant | External customers, patients, or individuals with whom we contract and provide our services. |
User | Individuals with access to the platforms we offer our clients. Users may be individual clients or the staff, employees, or representatives of our corporate clients. |
Materials, Supplies & Equipment:
Materials, Supplies, Equipment | Description |
---|---|
N/A | N/A |
Procedure:
The steps below describe the procedure needed to carry out this process.
1. Sanguine’s Commitment to Privacy
- Sanguine is committed to ensuring the privacy and protection of Personally Identifiable Information (PII) or personal data, collected through our service. Our policies and procedures adhere to regulations and guidelines set forth by governing entities such as the EDPB, California Attorney General, FTC, Office of Human Research Protections (OHRP) and an approved IRB, amongst others.
- We strictly adhere to HHS human subject protection regulations and require all employees involved in research to complete human subjects protection certification. Additionally, our research studies undergo review by an approved IRB to ensure ethical practices and minimal risk to participants. All employees are also subject to Privacy training in the event their job handles personal data.
- To safeguard participant privacy, we remove all identifying information from samples and medical data, using only coded data. Third parties, including researchers, receive coded data and are unable to link it to individual participants. Our employees undergo privacy training and are bound by legal and company policies to uphold participant confidentiality.
- In accordance with FDA regulations, we utilize electronic consent and maintain research data in a compliant database. Participation in our studies is voluntary, and participants can withdraw at any time without penalty. We may contact participants about future research studies for studies which allow this, with the option to opt out of such communications at any time.
- Your participation in a research study is voluntary. You can change your mind and decide not to be in a research study at any time. There will be no penalty to you, and you will not lose any benefits. If you decide to stop participating in a study or would like your name to be withdrawn from our contact list for future studies, please contact the study staff at 855-836-4759. If possible, please make your request in writing to .
- Sanguine might contact you in the future about other research studies for which you might qualify. You can choose to be contacted about other research studies at any time by speaking with Sanguine study staff at 855-836-4759.
- This Privacy Policy covers the disclosures that are required by “Data Privacy Laws” governing our processing of personal and sensitive personal information, which includes, but are not limited to the following:
Law | Scope | Effective |
---|---|---|
“GDPR” General Data Protection Regulation | Imposes obligations onto organizations anywhere, so long as they target or collect data related to people in the EU. | May 25, 2018 |
“PIPEDA” Personal Information Protection and Electronic Documents Act | Applies to private sector organizations engaged in commercial activity or operating in Canada. | January 1, 2001 |
“CCPA” The California Consumer Privacy Act | California state law that addresses the privacy rights of California consumers. It was updated, amended and expanded by California Privacy Rights Act (CPRA). In this Privacy Policy, CCPA means CCPA as amended by CPRA. | CCPA: January 1, 2020 CPRA: January 1, 2023 |
“CPA” Colorado Privacy Act of 2021 | Applies to legal entities conducting business in Colorado or delivering products or services targeted to Colorado residents. | July 1, 2023 |
“CTDPA” Connecticut Data Privacy Act of 2022 | The act applies to those who conduct business in the state or who produce products or services targeted to Connecticut residents. | July 1, 2023 |
“FDBR” Florida Digital Bill of Rights | Applies to for-profit entities that conduct business in Florida and collect personal data about Florida consumers (or are the entity on behalf of which such information is collected). | July 1, 2024 |
“MCDPA” Montana Consumer Data Privacy Act | Companies that conduct business in Montana or persons that produce products or services that are targeted to residents of Montana. | October 1, 2024 |
“OCPA” Oregon Consumer Privacy Act | Applies to any person that conducts business in Oregon or provides products / services to Oregon residents. | July 1, 2024 |
“TDPSA” Texas Data Privacy and Security Act | Applies to for-profit businesses or persons that does business in Texas or produces a product or service consumed by a Texas resident. | July 1, 2024 |
“UCDPA” Utah Consumer Privacy Act of 2022 | The Act regulates company that conducts business in Utah or produces a product or service that is targeted to consumers in Utah. | December 31, 2023 |
“VCPDA” The Virginia Consumer Data Protection Act of 2021 | Provides Virginia consumers with specific rights regarding their personal information that took effect on. | January 1, 2023 |
2. Information we collect
Depending on which product or service you are engaged in, we may collect a range of personal data from you to enable Sanguine to perform services for you:
Category | Identifiers |
---|---|
Job Candidates | - Date of Birth |
- Immigration Status | |
- Contacts | |
- Biological Sex | |
- Estimated/Actual Income | |
Patient/ Participant | - Address |
- Biological Sex | |
- Country | |
- Date of Birth | |
- Email Address | |
- Full Name | |
- Phone Number | |
- State | |
- Zip Code | |
- Contact(s) Data | |
Employees | - Address |
- Country | |
- Country | |
- Date of Birth | |
- Email Address | |
- Full Name | |
- Occupation | |
- Phone Number | |
- State | |
- Zip Code | |
- Contact(s) Data | |
- Estimated/ Annual Income | |
- Immigration Status | |
Perspective Patient/ Participant | - Address |
- Country | |
- Date of Birth | |
- Email Address | |
- Full Name | |
- Occupation | |
- Phone Number | |
- State | |
- Zip Code | |
- Contacts | |
- Contact(s) Data |
3. How we collect your information
- When you register with Sanguine BioSciences, we require that you sign up for participation on our website. During that process, we will collect information about you.
- Once you have completed and signed our intake form, we will continue to collect additional information about you, to help researchers evaluate potential research projects and to help us better identify research studies for which you might be eligible and interested. In addition, we collect and keep your medical information through the personal health record and sync your medical record information from your healthcare provider or another third-party source.
- In addition to the data we collect when you register and use our Services, we automatically collect and store other information about you such as:
- Information about the device you use to access our site, such as the type of device you are using to access our Site and Services and the type of browser you are using
- Information about your account activity, such as number of times you have logged into your account, your Internet Protocol address (“IP address”), the date and time of your access
- Information related to your location.
- Information about you and your device through cookies, web beacons, and similar technologies. If you access our Site through a web browser, a “cookie” is a small data file sent from a website and stored on your device to identify your device in the future and allow for an enhanced personalized user experience. A “session cookie” disappears after you close your web browser or may expire after a fixed period of time. A “persistent cookie” remains after you close your web browser and may be accessed every time you use our website. We may use both session and persistent cookies. You should consult your web browser to modify your cookie settings. Please note that if you delete or choose not to accept cookies from us, you may not be able to use certain features of our Site. A web beacon is a type of technology placed on a website or within the body of an email for the purpose of tracking activity on websites or when emails are opened.
- Information you provide to us when you ask a question or provide us with a comment about our Site or Services.
- If you agree, we may collect information about you from other sources, such as wearable devices that you own or wear.
- If you agree, and sign our authorization form, we may collect your medical records from your health care providers on your behalf.
- When you send email or other communication to Sanguine, we may retain those communications to process your inquiries, respond to your requests, and improve our services.
4. How We Use and Share Personal Information
4.1. We will not sell, rent, license, or trade your personal information with third parties for their own direct marketing use unless you expressly tell us it is okay to do so. Unless you give us your permission, we will not share your personal information other than as stated in this Privacy Policy.
4.2. No mobile information will be shared with third parties/affiliates for marketing/promotional purposes.
4.3. Sanguine only shares confidential information with other companies in the following limited circumstances:
-
- We have your consent.
- We have a good faith belief that access, use, preservation or disclosure of such information is reasonably necessary to:
- Satisfy any applicable law, regulation, legal process or enforceable governmental request
- Enforce applicable Terms of Service, including investigation of potential violations thereof
- Detect, prevent, or otherwise address fraud, security or technical issues, or (d) protect against imminent harm to the rights, property or safety of Sanguine as required or permitted by law.
4.4. The collected information will only be used to carry out the services defined below:
-
- We may use the information we collect from you when you sign up, register, respond to a survey or marketing communication, surf our website, or use certain other features of the Services in the following ways:
- To personalize your experience on the website and to allow us to deliver content and product offerings that interest you
- To allow us to better respond to your customer service requests.
- To quickly process your requested transactions.
- To administer a promotion, survey, or other feature of our website.
- We may use the information we collect from you when you sign up, register, respond to a survey or marketing communication, surf our website, or use certain other features of the Services in the following ways:
4.5. Information Shared with Third Parties Assisting in Our Operations:
-
- We may share your personal information under confidentiality agreements with other companies that provide products and services on our behalf, such as those:
- providing research
- delivering goods or services
- providing cloud hosting services
- analyzing data and usage of the Services
- processing payments
- operating our website, mobile application or personal health record, or
- providing support and maintenance services for the Services, as well as legal, regulatory, audit and other professional advisors.
- We may share your personal information under confidentiality agreements with other companies that provide products and services on our behalf, such as those:
NOTE: These companies (described above) may use your personal information to assist us in our operations. However, these companies do not have any independent right to share your information.
4.6. Business Transfers
-
- We may share your personal information with other businesses in connection with the sale, assignment, merger or other transfer of all or a portion of our business to those businesses. We will require those businesses to honor the rules of this Privacy Policy.
5. Information Security
- Sanguine uses appropriate physical, managerial, and technical controls that are designed to protect the confidentiality, integrity, and security of personal data that we collect and maintain against accidental or unlawful loss, theft and misuse and unauthorized access, disclosure, alteration destruction, or any other type of unlawful processing. Unfortunately, no web site, server or database is completely secure. Sanguine cannot guarantee that your Personal data will not be disclosed, misused, or lost by accident or by the unauthorized acts of others.
- We take appropriate security measures to protect against unauthorized access to or unauthorized alteration, disclosure, or destruction of data. These include internal reviews of our data collection, storage and processing practices and security measures, as well as physical security measures to guard against unauthorized access to systems where we store data. We restrict access to confidential information to Sanguine employees, contractors and agents who need to know that information to perform and deliver services. These individuals are bound by confidentiality obligations and may be subject to discipline, including termination and criminal prosecution, if they fail to meet these obligations.
6. Storage and Retention of Personally Identifiable Information
- Information may be stored or processed in locations other than the jurisdiction in which you live or work. In such cases we will work to ensure that any vendor we use in that location has the appropriate protections in place. By using our Site and Services, you agree to the collection, storage, and processing of your information to any country in which we may conduct our business operations.
- If you reside or are located in an area with applicable Data Privacy Law, we keep your Personally Identifiable Information for no longer than necessary for the purposes for which the Personally Identifiable Information is processed. The length of time we retain this data depends on the purposes for which we collect and use it and/or as required to comply with applicable laws and to establish, exercise or defend our legal rights.
7. Data Integrity
- Sanguine may process confidential information only for the purposes for which it was collected and in accordance with this Policy. We review our data collection, storage, and processing practices to ensure that we only collect, store, and process the information needed to provide services. We take reasonable steps to ensure that the information we process is accurate, complete, and current, but we depend on our users to update or correct their information whenever necessary. You can access your Personally Identifiable Information and confirm that it remains correct and up-to date and choose whether or not you wish to receive email notifications from us by contacting us at or by calling 855-836-4795.
- You have the right to request access to any Personally Identifiable Information about you in our possession, update any incorrect information, restrict, or delete information about yourself or prevent the processing or sharing of Personally Identifiable Information.
8. Enforcement
- Sanguine regularly reviews its compliance with this Policy. Please feel free to direct any questions or concerns regarding this Policy by contacting us through this web site or emailing . When we receive written inquiries, it is Sanguine’s policy to contact you regarding your concerns. We will cooperate with the appropriate regulatory authorities, including local data protection authorities, to resolve any issues regarding the transfer of confidential data that cannot be resolved between Sanguine Bioscience’s and a client.
9. Your Privacy Rights
9.1. Subject to applicable Data Privacy Law, you may have certain rights to know, access, update, port your personal data, correct inaccuracies, delete, and / or restrict processing of your personal information in our custody and control.
9.2. For security purposes, we will verify your identity when you request to exercise your data privacy rights. For certain types of requests, we may also need to ask you for additional information to verify your identity. Once we have verified your identity, we will respond to your request as appropriate. You right over your personal information depends on the Data Privacy Law applicable where you reside.
9.3. California Privacy Rights
9.3.1. California Consumer Privacy Act of 2018 (“CCPA”) and California Privacy Rights Act of 2020 (“CPRA”) provide certain rights to residents of California. This section of the Privacy Notice applies if you are a natural person who is a resident of California (“California Consumer”) and use our Services. This notice supplements the information in the Privacy Notice. Certain terms used below The have the meanings given to them in the CCPA and CPRA. The CCPA and CPRA shall be collectively referred to herein as the “CPRA”.
9.3.2. Additional Disclosure: Do-Not- Track Disclosure
- “Do Not Track”(“DNT”) is the concept that has been promoted by regulatory authorities for the internet industry to develop and implement a mechanism for allowing internet users to control the tracking of their online activities across websites. Currently, various web browsers (Chrome, Firefox, Safari, Internet Explorer, Microsoft Edge) offer a DNT option that sends a signal to websites visited by the browser user about the user’s DNT preference. We do not recognize or respond to browser initiated Do Not Track (DNT) signals as a DNT standard has not been adopted to this day. Our third-party partners, such as web analytics companies and third-party ad networks, may collect information about you and your online activities over time and across our Services and our Site. These third parties may not change their tracking practices in response to DNT settings in your web browser and we do not obligate these parties to honor DNT settings.
9.3.3. Your Rights
- As a California Consumer, you have the following rights, these rights are not absolute and may be subject to exceptions and verification. We may be required or permitted by law to decline any request. Only you, a person that you authorize to act on your behalf, or an entity registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable request related to accessing or deleting your personal information.
- Right to Delete
- You can make a request to delete any personal and sensitive personal information we collected from you. Upon receiving a verified request, we will notify you once your information has been deleted. We will also communicate your deletion request to the third parties who process your personal information on our behalf and direct them to delete your information.
- Right to Ops-Out of Sale
- California Consumers have the right to opt out of “sales” of their personal information. The CCPA’s broad definition of “sale” may include using services to deliver targeted advertising on other sites or applications. This means that if you make a request to opt out of our “sales” of personal information, it will likely have a direct impact on the types of advertisements you see online. We will honor requests to opt out of “sales” of your personal information. If you would like to opt out, you may do so as outlined on the following page: Do Not Sell or Share my Personal Information.
- Right to Limit the Use or Disclosure of Sensitive Personal Information.
- You have the right to limit the use of your sensitive personal information to only those purposes that are necessary for us to provide Services to you. If you would like to opt out, you may do so as outlined on the following page: limit the use of your sensitive personal information. We will notify you if at any point we intend to use your sensitive personal information for any additional purposes.
- Right to Non-Discrimination
- We value giving consumers control over their privacy and personal information. If you choose to exercise any of your rights under the CCPA, we will not differentiate our services as a result of your decision. We also do not offer any financial incentives to opt-in to sell your personal information.
- Right to Correct
- You have the right to request the correction, updating and completion of any Personal and Sensitive Personal Information we maintain about you.
9.4. Colorado, Connecticut, Florida, Montana, Oregon, Texas, Utah, Virgina
9.4.1. Your Data Subject Rights
-
- The Virginia Consumer Data Protection Act, the Colorado Privacy Act, the Connecticut Data Privacy Act, Utah Consumer Privacy Act and similar laws in other U.S. states ("Data Privacy Laws") provide their consumers with specific rights regarding their personal information. To the extent that you are a resident of one of these states, this section describes your rights under the Data Privacy Laws and explains how you may exercise these rights.
- The categories of personal information we process, our purposes for processing, the categories of personal information that we share with third parties, and the categories of third parties with whom we share it are detailed in Section 4. To the extent that our personal information processing activities are addressed by a separate privacy notice, please consult the terms of that privacy notice for detailed information about our data practices, including the categories of personal information that we collect and disclose.
9.4.2. Right to Know
-
- You have the right to know whether we process your personal information.
9.4.3. Right to Access
-
- You can make a request to access the categories or specific pieces of personal and sensitive personal information we collected, used, or shared about you. Along with your verified request, we will give you any categories of sources from which the personal or sensitive personal information is collected; the purpose for collecting, selling, or sharing; and any categories of third parties with whom we share such personal information.
9.4.4. Right to Data Portability
-
- You have the right to access and obtain a copy of your personal information that you previously provided to us in a portable and, to the extent technically feasible, readily usable format that allows you to transmit the data to another business without hindrance, where the processing is carried out by automated means. You may request such personal information up to twice annually, subject to certain exceptions.
9.4.5. Right to Delete
-
- You have the right to delete personal information that you have provided or that we have obtained about you. Please note that we may deny such a request if the requested deletion falls under an exception to this right set forth in Data Privacy Laws. If the personal data is no longer needed for any purposes that justify its retention and we are no required by law to retain it, we will do what we can to delete. We may need certain types of data so that we can provide our Services to you. If you ask us to delete it, you may no longer be able to access or use our Services.
9.4.6. Right to Opt-Out of Selling or Sharing
-
- You have the right to opt out of the processing of the personal information for purposes of: (i) targeted advertising; (ii) the sale of personal information; or (iii) profiling in furtherance of decisions that produce legal or similarly significant effects concerning you (provision or denial of housing, insurance, employment opportunities, or access to essential goods or services; decisions that have a foreseeable risk of unfair or unlawful treatment, financial or physical injury or other substantial injury). As of the latest date of the Privacy Notice:
- We DO NOT process personal information for the purposes of targeted advertising;
- We DO NOT sell your personal information in exchange for monetary or other valuable consideration;
- We DO NOT engage in profiling decision based on your personal information that produce legal or similarly significant effects concerning you.
- You have the right to opt out of the processing of the personal information for purposes of: (i) targeted advertising; (ii) the sale of personal information; or (iii) profiling in furtherance of decisions that produce legal or similarly significant effects concerning you (provision or denial of housing, insurance, employment opportunities, or access to essential goods or services; decisions that have a foreseeable risk of unfair or unlawful treatment, financial or physical injury or other substantial injury). As of the latest date of the Privacy Notice:
9.4.7. Right to Correct
-
- You have the right to correct inaccuracies in the personal information we collect from you, taking into account the nature of the personal information and the purposes for which we process it.
9.4.8. Right to Nondiscrimination
-
- We value giving consumers control over their privacy and personal information. If you choose to exercise any of your data privacy rights, we will not differentiate our services as a result of your decision. We also do not offer any financial incentives to opt-in to sell your personal information.
9.4.9. Your Right to Appeal
-
- For Colorado, Connecticut, Florida, Montana, Oregon, Texas and Virginia residents, if we decline to take action or do not respond regarding a request that you have submitted pursuant to one of the privacy rights set forth in this section, you have the right to appeal our refusal to take action within a thirty (30) calendar days after you receive our decision. We will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If the appeal is denied, we will also provide you with an online mechanism, if available, or other method through which you may contact your state attorney general’s office to submit a complaint.
9.5. GDPR Privacy Rights
- If you are a resident of one of many European countries, including the United Kingdom and Switzerland, an important European privacy law (or an equivalent counterpart to it) the General Data Privacy Regulation (the “GDPR”) provides you with certain rights, and places certain obligations on companies regarding how your “personal data” (as the GDPR uses that term) is used. We describe those rights and obligations below, and how and in what circumstances we honor them. We set out our compliance with the GDPR and, to the extent applicable, those other laws, in this section.
9.6. Legal Basis
9.6.1. The GDPR requires us to tell you about the legal ground we’re relying on to process any personal data about you. The legal grounds for us processing your personal data for the purposes set out in Section above will typically be because:
-
- You provided your (legally sufficient) consent;
- It is necessary for our contractual relationship, e.g., in order to provide you services or features you’ve requested and we’ve promised;
- The processing is necessary for us to comply with our legal or regulatory obligations – for instance, to communicate with you about or to help honor your legal rights; and/or
- The processing is in our legitimate interest. For instance, we may process and share business data collected from our website for our own internal marketing purposes, or other information for purposes of security, data hygiene or validation, in a manner that constitutes a “legitimate interest”.
9.7. Your Data Subject Rights
9.7.1. Right to Rectify, Delete, Restrict or Object to the Processing
-
- Your rights to deletion or revocation of consent (sometimes referred to as a right to be forgotten, to restrict processing, or to otherwise object to processing). You have the right to request that we delete your personal data (or where applicable, withdraw your prior consent to our processing of your data). You may also request that we correct or rectify your personal data if it is inaccurate, incomplete or false.
- If you request that we delete your personal data, or withdraw your consent, we will customarily retain a copy of your data sufficient to suppress it from our active databases in the future: but if that is not what you wish, you may indicate that to us (in which case your information may be added to our database later, because we will not have “suppressed” it).
- Moreover, when we delete your personal data, we may retain it (to the extent legally permissible) for certain important (but narrow) internal purposes such as legal, compliance, accounting or auditing purposes, and in some cases, for security purposes.
9.7.2. Personalized Online Advertising Opt-Out
-
- You may object to profiling by online advertising platforms with whom we sometimes partner to help generate (and measure or analyze) “personalized” online advertising. These platforms are generally separate third party “controllers” of your data.
9.7.3. Your Right to Access
-
- In some jurisdictions, you may have the right to request access to a copy of your personal data. When you request access to your personal data, we are required — for privacy and other important compliance reasons — to verify your identity in a legally sufficient manner: if we cannot do so, we will not be able to satisfy your access request.
-
- Please note that as part of the verification process, we may not be able to sufficiently “verify” your identity in a manner sufficient to safeguard against the potential adverse privacy effects on disclosure of personal data to the wrong individual (or a person who is purposefully seeking the information of another). Because such improper disclosure would likely adversely affect the privacy rights and freedoms of a relevant data subject/consumer, we limit certain personal data we make available.
9.7.4. Questions or Concerns
-
- If you have a complaint or concern or question about how we handle your personal data, please contact us as at the above contact addresses, and we will seek to address any concerns you may have. If you are not happy with how we have attempted to resolve your complaint, you may contact the relevant Data Protection Authority.
9.8. Exercising Your Rights
- This provides for instructions on how you can exercise your rights under the applicable Data Privacy Law.
9.9. How to Exercise Your Rights
- To submit a request to access, rectify, delete, port your personal data you can submit a request to us either:
- By email at or by calling us at 855-836-4759
- Note in the body of the email the specific right you want to exercise. In the subject line, include “<Your State/Country> Consumer Request”.
- To protect the privacy and security of your personal information, we will attempt to verify your identity before acting on your request. Your request must include details sufficient for us to properly understand, evaluate, and respond to the request.
- Please also note that as part of the verification process, we’re required to consider:
- the difficulty of verifying whether data that we hold and data we have linked to it truly and solely belongs to the data subject making the request, along with and:
- the potential adverse effects on disclosure of personal data to the wrong individual (or a person who is purposefully seeking the information of another) because such improper disclosure would likely adversely affect the privacy rights and freedoms of the relevant data subject/consumer, we limit certain personal data we make available.
10. Use of an Authorized Agent
- An agent legally authorized to act on your behalf—may make a verifiable request related to your personal information. If you are making a request through an authorized agent, you must provide the authorized agent with written permission to do so, and a power of attorney that fulfills the requirements of the Data Privacy Laws. We may request more information from the authorized agent (or from you) if needed to verify the authorized agent’s identity or to avoid any breach of security or instances of fraud.
11. Changes to this Privacy Policy
- Changes will be posted on this page. If we make a material change to our privacy practices, we will provide notice on our Site or by other means as appropriate. If we are required by applicable data protection laws to obtain your consent to any material changes before they come into effect, then we will do so in accordance with law. You may find the previous version of the Privacy Policy here.
12. California Privacy Rights
- Under Section 1798.83 of the California Code, residents of California have the right to request from a business, with whom the California resident has an established business relationship, certain information with respect to the types of Personal Data the business shares with third parties for those third parties’ direct marketing purposes, and the identities of the third parties with whom the business has shared such data during the immediately preceding calendar year.
13. Exercising Access, Data Portability, and Deletion Rights
- To exercise the access, data portability, and deletion right described above, please submit a verifiable request to us by:
- For California consumers, only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf on your minor child.