Privacy Notice for California Residents
Effective Date: May 19, 2021
Last Reviewed on: May 19, 2021
This Privacy Notice for California Residents supplements the information contained in the Privacy Notice and Well World Mobile App Privacy Notice that are each applicable to Designs for Health, Inc., its subsidiaries, and its other affiliates (collectively, “DFH,” “us,” “we”, or “our”).This Notice applies solely to California residents that are “Consumers” ("consumers" or "you") as defined in the California Consumer Privacy Act of 2018 (“CCPA”). Any terms defined in the CCPA have the same meaning when used in this Notice. In the event of a conflict between this Notice and any other DFH policy, statement, or notice, this Notice will prevail as to California Consumers and their rights under the CCPA.
This Notice covers our collection, use, and disclosure, during the twelve months preceding the Effective Date, of California Consumers’ “Personal Information” (“PI”) as defined by the CCPA, except that the Notice does not apply to information exempt from the notice obligations of the CCPA, or information collected about our employees, contractors, and job applicants, or information that is exempt from the scope of the CCPA, including: (i) information collected from individuals acting as representatives of another business in connection with business communications or transactions with us; (ii) medical information governed by the Confidentiality of Medical Information Act; or (iii) protected health information we collect in our capacity as a business associate under the Health Insurance Portability and Accountability Act of 1996 (also known as “HIPAA”).
Collection, Use, and Disclosure of PI
Generally, we collect, retain, use, and share your PI to provide you with our products and services (collectively, “Services”) and as otherwise related to the operation of our business. In addition, we may collect, use and disclose your PI as required or permitted by applicable law, or as directed by you, in accordance with this Notice. The table below describes each category of PI we collect and includes examples of types of PI that may fall into a specific category. We collect the below categories of PI from you, your device or browser, and our corporate affiliates. We also collect the below categories of PI from vendors that assist us in providing Services and running our internal business operations, healthcare practitioners, or other resellers of our products (collectively, “Business Partners”). We collect, use and share the PI we collect for the CCPA-defined business purposes in the bulleted list below and also for the purposes described in our Privacy Notice and Well World Mobile App Privacy Notice (our operational purposes) (collectively, our “Business Purposes”).
CCPA-defined Business Purposes
- Providing Services, including maintaining and servicing your account with us, verifying your information, processing payments, advertising, marketing, or analytic services, and similar functions and services
- Detecting security incidents, protecting against malicious, deceptive, or illegal activity, and prosecuting those responsible for that activity
- Debugging to identify and repair errors that impair existing intended functionality
- Undertaking internal research for technological improvement and demonstration
- Quality and safety assurance, and improving, upgrading, and enhancing the Services
- Short-term, transient use in which personal information is not disclosed to another third party and is not used to build a profile about a consumer or otherwise alter an individual consumer’s experience outside the current interaction, including, but not limited to, the contextual customization of ads shown as part of the same interaction
- Auditing related to a current interaction with the consumer and concurrent transactions, including, but not limited to, counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance with this specification and other standards.
The categories of third parties with whom we share your PI for Business Purposes are set forth in the table below.
|Category||Examples||Categories of Recipients of Business Purpose Disclosures|
|A. Identifiers||A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, or other similar identifiers.||Business Partners|
|B.Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))||A name, signature, physical characteristics or description, address, telephone number, bank account number, credit card number, debit card number, and similar financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories.||Business Partners|
|C. Protected classification characteristics under California or federal law||Age (40 years or older), marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), genetic information (including familial genetic information). If you subscribe to or use the Well World Mobile App, we may collect any other demographic information that you choose to upload into the App.||Business Partners|
|D. Commercial information||Records of products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.||Business Partners|
|E. Biometric information||Genetic, physiological, behavioral, and biological characteristics, activity patterns, and sleep, health, or exercise data.||Business Partners|
|F. Internet or other similar network activity||Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement.||Business Partners|
|G. Geolocation data||Physical location or movements.||Business Partners|
|H. Sensory data||Audio, electronic, and visual information.||Business Partners|
|I. Inferences drawn from other personal information||Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.||Business Partners|
CCPA Privacy Rights
California Consumers have the right to exercise certain privacy rights under the CCPA. California Consumers may exercise these rights via an authorized agent who meets the agency requirements of the CCPA. Any request you submit to us is subject to an identification and residency verification process (“Verifiable Consumer Request”). We will not fulfill your CCPA request unless you have provided sufficient information for us to reasonably verify you are the Consumer about whom we collected PI.
Unless you have provided us with your email address (such as by signing up for an account on the Service), we will be unable to verify your identity to fulfill a request to know or delete. As a result, to exercise your rights to know and delete, we must be able to verify your identity as the owner of the email address and/or DFH account that is associated with your request. We may not be able to fulfill your request until we can do so. In general, we verify identity by confirming that you are the owner of the email address. We reserve the right to ask you to provide additional information in order to help verify your identity.
Some personal information we maintain about Consumers is not sufficiently associated with a Consumer for us to be able to verify that it is a particular Consumer’s personal information (e.g., clickstream data tied only to a pseudonymous browser ID). As required by the CCPA, we do not include that personal information in response to Verifiable Consumer Requests. If we cannot comply with a request, we will explain the reasons in our response.
We will make commercially reasonable efforts to identify Consumer PI that we collect, process, store, disclose, and otherwise use and to respond to your California Consumer privacy rights requests. We will typically not charge a fee to fully respond to your requests, but we may charge a reasonable fee, or refuse to act upon a request, if your request is excessive, repetitive, unfounded, or overly burdensome.
A. The Right to Know
- Categories You have the right to send us a request, no more than twice in a twelve-month period, for any of the following for the period that is twelve months prior to the request date:
- The categories of PI we have collected about you.
- The categories of sources from which we collected your PI.
- The business or commercial purposes for our collecting or selling your PI.
- The categories of third parties to whom we have shared your PI.
- A list of the categories of PI disclosed for a business purpose in the prior 12 -
months, or that no disclosure occurred.
- Specific Pieces
You have the right to make or obtain a transportable copy, no more than twice in a twelve-month period, of your PI that we have collected in the period that is 12 months prior to the request date and are maintaining.
Please note that PI is retained by us for various time periods, so we may not be able to fully respond to what might be relevant going back 12 months prior to the request.
B. The Right to Deletion
Except to the extent we have a basis for retention under CCPA, you may contact us at the phone number or email address posted below to request that we delete your PI that we have collected directly from you and are maintaining. Our retention rights include, without limitation, to complete transactions and services you have requested or that are reasonably anticipated, for security purposes, for legitimate internal business purposes, including maintaining business records, to comply with law, to exercise or defend legal claims, and to cooperate with law enforcement. Note also that we are not required to delete your PI that we did not collect directly from you.
You may alternatively exercise more limited control of your PI by instead by canceling or modifying our email marketing communications you receive from us. You can do so by following the instructions contained within our promotional emails. This will not affect subsequent subscriptions and if your opt-out is limited to certain types of emails the opt-out will be so limited. Please note that we reserve the right to send you certain communications relating to your account or use of our Service, such as administrative and service announcements and these transactional account messages may be unaffected if you choose to opt-out from receiving our marketing communications.
C. The Right to Opt Out of Sale of PI
We do not knowingly “sell” PI that we collect from you, in accordance with the definition of “sell” in the CCPA, and therefore will not treat personal information we collect from you as subject to a do not sell request. There is not yet a consensus as to whether third party cookies and tracking devices associated with our websites and mobile apps may constitute a “sale” of your PI as defined by the CCPA. You can exercise control over browser-based cookies by adjusting the settings on your browser. We also provide access to privacy information related to browsers and cookies and, if available, opt-out programs here. Further, you can learn more about your choices regarding certain kinds of online interest-based advertising here. We do not represent that these third-party tools, programs, or statements are complete or accurate.
Some browsers have signals that may be characterized as do not track signals, but we do not understand them to operate in that manner or to indicate a do not sell expression by you, so we currently do not recognize these as a do not sell request. We understand that various parties are developing do not sell signals, and we may recognize certain such signals if we conclude such a program is appropriate.
We may disclose your PI for the following purposes, which are not a sale: (i) if you direct us to share PI; (ii) to comply with your requests under the CCPA; (iii) disclosures amongst the entities that constitute DFH as defined above, or as part of a merger or asset sale; and (iv) as otherwise required or permitted by applicable law.
D. The Right to Non-Discrimination
We will not discriminate against you in a manner prohibited by the CCPA because you exercise your CCPA rights. However, we may charge a different price or rate, or offer a different level or quality of good or service, to the extent that doing so is reasonably related to the value of the applicable data. In addition, we may offer you financial incentives for the collection, sale and retention and use of your PI as permitted by the CCPA that can, without limitation, result in reasonably different prices, rates, or quality levels. The material aspects of any financial incentive will be explained and described in its program terms. Please note that participating in incentive programs is entirely optional, you will have to affirmatively opt-in to the program and you can opt-out of each program (i.e., terminate participation and forgo the ongoing incentives) prospectively by following the instructions in the applicable program description and terms. We may add or change incentive programs and/or their terms by posting notice on the program descriptions and terms linked to above so check them regularly.
Other California Privacy Rights
“California's "Shine the Light" law (Civil Code Section § 1798.83) permits users of our Website that are California residents to request certain information regarding our disclosure of personal information, if any, to third parties for their direct marketing purposes. To make such a request, please send an email to firstname.lastname@example.org and indicate “Shine the Light” in the subject line or body of your email request. You can also make a request by mail to the address below:
Designs for Health, Inc.
Attn: Customer Experience Department
14 Commerce Blvd., Palm Coast, FL 32164
As these rights and your CCPA rights are not the same and exist under different laws, you must exercise your rights under each law separately.”
Changes to Our Privacy Notice
We reserve the right to amend this Notice at our discretion and at any time. When we make changes to this Notice, we will post the updated notice on the Website and update the Notice's effective date. Your continued use of our Website following the posting of changes constitutes your acceptance of such changes.
If you have any questions or comments about this Notice, the ways in which we collect and use your information described here and in the Privacy Notice or Well World Mobile App Privacy Notice, your choices and rights regarding such use, or wish to exercise your rights under California law, please do not hesitate to contact us at:
Designs for Health, Inc.
Attn: Customer Experience Department
14 Commerce Blvd., Palm Coast, FL 32164
In order to complete your request, you will be required to respond to any follow up inquires we may make, and we may deny your request if you do not do so.
You may use an authorized agent to submit a consumer rights request. If you use an authorized agent to submit a request, we may require proof that the agent has been authorized by you to do so, and take other steps permissible under the CCPA, to ensure it is a proper request by an authorized agent.