Supplemental Privacy Notice for California Residents 

Effective: October 28, 2024

This Privacy Notice for California Residents supplements and is expressly made part of the information contained in Personify Health’s Privacy Notice, available at https://personifyhealth.com/general-privacy-notice/, and applies solely to visitors, users, and others who reside in the State of California (“Consumers” or “You”). We adopt this Notice to comply with the California Consumer Privacy Act of 2018 as amended by the California Privacy Rights Act (“CCPA”). Any terms defined in the CCPA and Privacy Notice have the same meaning when used in this Supplemental Notice. 

Collecting and Using Personal Information 

Please see our program specific Privacy Notice for details about how we collect and use your Personal Information.  

Additionally, please note that to the extent we de-identify and use PHI, we rely upon applicable rules and guidance and under HIPAA. All de-identification of PHI is undertaken pursuant to the safe harbor provisions of the HIPAA Privacy Rule.  

Sale of Personal Information 

We do not resell Personal Information that we collect from any consumer. However, we do sell reports based on data we collect from third parties, public sources, or our existing de-identified datasets. We also sell inferences derived using our analytics to your Sponsor so they can better serve your needs. In the preceding twelve (12) months, we have sold the following categories of Personal Information for a business purpose: 

Opt-Out and Opt-In Rights 

If you are 16 years of age or older, you may direct us to not sell your Personal Information at any time. We do not sell the Personal Information of consumers we know are less than 16 years of age, unless we receive affirmative authorization from either the consumer who is between 13 and 16 years of age, or the parent or guardian of a consumer less than 13 years of age. If you or your parent or guardian choose to opt-in to Personal Information sales, you or your parent or guardian may still opt-out of future sales at any time. To opt-out, you (or your authorized representative) may submit a request to us by emailing [email protected]

Once you make an opt-out request, we will wait at least twelve (12) months before asking you to reauthorize Personal Information sales. We will only use Personal Information provided in an opt-out request to review and comply with the request. 

You have the right to opt out of using your information for automated decision making (“profiling”) involving your behavior, economic situation, health, interests, locations or movements, performance at work, personal preferences or reliability.

Non-Discrimination 

We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:

However, we may offer, and you may consent, to receive certain incentives permitted by the CCPA. Any CCPA-permitted incentive we offer will reasonably relate to your Personal Information’s value and contain written terms that describe the program’s material aspects. You may revoke your consent to participate or receive such financial incentive at any time. 

Other Rights 

To exercise any of the following requests, please submit a request to us by emailing [email protected]

Access to Specific Information; Data Portability Rights

You have the right to request that We disclose certain information to you about our collection and use of your Personal Information over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you: (A) the categories of Personal Information we collected about you; (B) the categories of sources for the Personal Information we collected about you; (C) our business or commercial purpose for collecting or selling that Personal Information; (D) the categories of third parties with whom we share that Personal Information; (E) the specific pieces of Personal Information we collected about you (also called a data portability request). If we sold or disclosed your Personal Information for a business purpose, we will provide you with two separate lists disclosing such sales or disclosures, identifying the Personal Information categories that each category of recipient purchased or otherwise obtained. 

Deletion Rights

You have the right to request that We delete any of your own Personal Information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your Personal Information from our records, unless an exception applies. 

An exception to your request may apply if retaining the information is necessary for us or our service provider(s) to: 

Utilizing and Agent or Guardian 

Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your Personal Information. You may also make a verifiable consumer request on behalf of your minor child. You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must: (A) provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Information or an authorized representative; and (B) describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it. We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use Personal Information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request. 

Responding to Your Requests 

We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to ninety (90) days), we will inform you of the reason and extension period in writing. If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your Personal Information that is readily usable and should allow you to transmit the information from one entity to another entity without hindrance. We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request. 

Contact Information 

If you have general questions about your Program, you can contact Member Services by calling 1-888-671-9395 (in the US) or by sending an email to [email protected]

If you have any questions, comments or concerns, about this Notice, or your rights and obligations under this Notice, you may contact us via email at [email protected]  or via the “Contact Us” section of the Personify Health web-based platform and mobile application. Alternatively, you can contact us by writing to: 

Personify Health, Inc. 

Attn: Privacy Officer 

75 Fountain Street 

Providence, Rhode Island 02903

United States