CCPA

The California Consumer Privacy Act (“CCPA”) is a state privacy law which protects California residents’ (“Consumers”) rights regarding how their Personal Information (as defined in the CCPA) is used and disclosed. This Notice describes the categories of Personal Information Nomi Health, Inc. (“Nomi Health”) collects and the purposes for which it is used. It also describes your rights with respect to your Personal Information.

The CCPA does not apply to how we collect, use or disclose medical information about individuals. To learn more about how Nomi Health may use and disclose medical information, and your rights under HIPAA, please see our HIPAA Notice of Privacy Practices.

For general information on the use and disclosure of Personal Information we collect, please see our Privacy Policy.

The following describes categories of Personal Information under the CCPA, and whether such information was collected from Nomi Health Consumers within the last 12 months. The sources from which we obtain this information and the ways in which we use this information are set forth in our Privacy Policy. We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.

• Identifiers.
  Examples: A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, or other similar identifiers.
  Collected: Yes

• Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).
  Examples: A name, signature, Social Security number, physical characteristics or description, address, telephone number, driver’s license or state identification card number, insurance policy number, employment, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories.
  Collected: Yes

• Protected classification characteristics under California or federal law.
  Examples: Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).
  Collected: Yes

• Commercial information.
  Examples: Products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
  Collected : Yes

• Biometric information.
  Examples: Activity patterns, physical patterns, health, and or exercise data.
  Collected: Yes

• Internet or other similar network activity.
  Examples: Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.
  Collected: Yes

• Geolocation data.
  Examples: Physical location or movements.
  Collected: Yes

• Sensory data.
  Examples: Audio, electronic, or similar information.
  Collected: Yes

• Professional or employment-related information.
  Examples: Current or past job history or performance evaluations.
  Collected: No

• Inferences drawn from other personal information.
  Examples: Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
  Collected: No

• Auditing related to a current interaction with the consumer and concurrent transactions, including, but not limited to, counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance with this specification and other standards.

• Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity.

• Debugging to identify and repair errors that impair existing intended functionality.

• Short-term, transient use, provided that the personal information is not disclosed to another third party and is not used to build a profile about a consumer or otherwise alter an individual consumer’s experience outside the current interaction, including, but not limited to, the contextual customization of ads shown as part of the same interaction.

• Performing services on behalf of the business or service provider, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing advertising or marketing services, providing analytic services, or providing similar services on behalf of the business or service provider.

• Undertaking internal research for technological development and demonstration.

• Undertaking activities to verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by the business, and to improve, upgrade, or enhance the service or device that is owned, manufactured, manufactured for, or controlled by the business.

We disclose your Personal Information to third parties for one or more of the business purposes listed above. When we disclose Personal Information for a business purpose, we enter into a contract that describes the purposes and requires the recipient to keep the information confidential and use the information only for the purposes described in the contract.

We share your Personal Information with the following categories of third parties for business purposes:

• Execution of marketing campaigns

• Analysis of trend information for service improvement

In the preceding 12 months, we have disclosed the following categories of Personal Information with these third parties:

• Nil at this time

In the preceding 12 months, Nomi Health has not sold Consumers’ Personal Information.

The CCPA provides California consumers with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.

• Requests to Access to Specific Information. You have the right to request that we disclose information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request (see below), we will disclose to you:

  • The categories of personal information we collected about you.

  • The categories of sources for the personal information we collected about you.

  • Our business or commercial purpose for collecting or selling that personal information.

  • The categories of third parties with whom we share that personal information.

  • The specific pieces of personal information we collected about you.

  • If we sold or disclosed your personal information for a business purpose, two separate lists disclosing sales (if any) along with the personal information categories that each category of recipient purchased; and disclosures for a business purpose along with the personal information categories that each category of recipient obtained.

• Deletion Requests. You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request (see below), we will delete (and direct any of our service providers that hold your data on our behalf to delete) your personal information from our records, unless an exception applies. We may deny your deletion request if retaining the information is necessary for us or our service providers as permitted by law.

• Right to Opt-out of Sales of Personal Information. CCPA provides California consumers with the right to opt-out of the sale of their personal information. This right does not apply to our use of personal information because we do not sell personal information and have not sold personal information in the past 12 months. To exercise the rights described above, please submit a request to us via email at questions@nomihealth.com. Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a request related to your personal information. You may also make a request on behalf of your minor child.

• You may only make a request for access or data portability twice within a 12-month period. The request must:

  • Provide enough information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.

  • Describe your request with enough detail that allows us to properly understand, evaluate, and respond to it.

  • We will only use personal information provided in a request to verify the requestor’s identity or authority to make the request.

We endeavor to respond to requests within 30 days of its receipt, but we are allowed by law to take up to 45 days to respond. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing.

If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.

We do not charge a fee to process or respond to your request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

Only you or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.

You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:

• Provide enough information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.

• Describe your request with enough detail that allows us to properly understand, evaluate, and respond to it.

We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.

We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:

• Deny you goods or services.

• Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.

• Provide you a different level or quality of goods or services.

• Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

Although we are permitted under CCPA to offer certain financial incentives that can result in different prices, rates, or quality levels, we do not presently do so.

This Privacy Policy was last updated on December 17, 2020.