Notice of Privacy Practices
Protected Health Information
Last Updated: 09/15/2023
The After Cancer does not provide any health care or medical services. It performs administrative, payment, and other activities on behalf of Telehealth Providers who render care and treatment to you through The After Cancer Platform. The After Cancer’s services include its receipt, use, access, maintenance, transmission, and/or creation of your protected health information “PHI” to facilitate the provision of health care services to you through the Platform.
The After Cancer is required to provide reasonable assurances to your Telehealth Providers about its safeguard of your PHI, which are described below.
THIS NOTICE DESCRIBES HOW HEALTH INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW THIS NOTICE CAREFULLY.
If you have any questions about this Notice or need further information, please contact our Privacy Officer by email to firstname.lastname@example.org. Written requests should be addressed to:
The After Cancer Corporation
PO Box 30667, PMB 79909
Charlotte, North Carolina 28230-0667
OUR PLEDGE REGARDING YOUR PROTECTED HEALTH INFORMATION:
The privacy of your protected health information or “PHI” is important to us. This Notice will tell you about how we may use and disclose your PHI. This Notice describes your rights regarding your PHI we collect and maintain and certain obligations we have regarding its use and disclosure.
We are required by law to:
1. Maintain the privacy of your PHI;
2. Give you this Notice describing our legal duties, privacy practices, and your rights regarding your PHI we collect and maintain;
3. Notify you if we discover a breach of any of your PHI that is not secured in accordance with federal guidelines; and,
4. Follow the terms of the Notice of Privacy Practices in effect.
YOUR RIGHTS REGARDING YOUR PROTECTED HEALTH INFORMATION:
You have the following rights with respect to your PHI:
1. Right to Inspect and Copy: You have the right to inspect and copy all or any part of your medical or health record, as provided by federal regulations. You may request and receive an electronic copy of your PHI if we maintain your PHI in an electronic health record.
To inspect and copy your PHI, you must submit your request in writing to our Privacy Officer at the physical address listed on the first page of this Notice. If you request a copy of your PHI we may charge a reasonable, cost-based fee in accordance with state law for the costs associated with fulfilling your request.
We may also deny your request under certain limited circumstances.
2. Right to Amend: You have the right to request that your Telehealth Provider amend your PHI if you feel that the health information contained within your medical record generated by your Telehealth Provider is inaccurate or incomplete. You have the right to request an amendment for as long as we keep the information. To request an amendment, your request must be made in writing, submitted to our Privacy Officer at the physical address listed on the first page of this Notice, and must include a reason that supports your request. Your Telehealth Provider may deny your request under certain limited circumstances.
3. Right to an Accounting of Disclosures: You have the right to request an accounting of any disclosures of your PHI we have made, except for disclosures made for the purpose of treatment, payment, health care operations and certain other purposes if such disclosures were made through a paper record or other health record that is not electronic, as set forth in federal regulations. If you request an accounting of disclosures of your PHI, the accounting may include disclosures made for the purpose of treatment, payment, and health care operations to the extent that disclosures are made through an electronic health record.
To request an accounting of disclosures, you must submit your request in writing to our Privacy Officer at the physical address listed on the first page of this Notice. Your request must identify a time period for the request which may not be longer than six (6) years. The first accounting you request will be free. For additional requests for an accounting occurring within twelve (12) months of the original request, we may charge you for the costs to respond. We will notify you of the cost involved and you may choose to withdraw or modify your request at that time before any costs are incurred.
4. Right to Request Restrictions: You have the right to request a restriction or limitation on the use and disclosure of your PHI. You also have the right to request a restriction or limitation on the disclosure of your PHI to someone involved in your care or the payment for it, such as a family member or friend. For example, you could ask that we not disclose information to your spouse about a medical service you received.
If you pay for a service entirely out-of-pocket, you may request that information regarding the service be withheld and not provided to a third-party payor for purposes of payment or health care operations. We are obligated by law to abide by such restriction unless a disclosure is required by law.
To request a restriction on the use and disclosure of your PHI, you must make your request in writing to our Privacy Officer at the physical address listed on the first page of this Notice. In your request, you must tell us what information you want to limit and to whom you want the limitations to apply. We will notify you of our decision regarding the requested restriction. If we do agree to your requested restriction, we will comply with your request unless the information is needed to provide you emergency treatment or disclosure is required by law.
5. Right to Receive Confidential Communications: To request confidential communications, you must make your request in writing to our Privacy Officer at the physical address listed on the first page of this Notice. Your request must specify how or where you wish to be contacted.
6. Right to a Paper Copy of this Notice: You have the right to obtain a paper copy of this Notice at any time upon request. To obtain a copy of this Notice at any other time, please request it from our Privacy Officer at the physical address listed on the first page of this Notice.
7. Right to Revoke Authorization: If you execute any authorization(s) for the use and disclosure of your PHI, you have the right to revoke such authorization(s) on a going forward basis. Revocation cannot change actions that have already been taken in reliance on such authorization.
USE AND DISCLOSURE OF YOUR PROTECTED HEALTH INFORMATION WITHOUT YOUR AUTHORIZATION:
The following categories describe different ways that your PHI may be disclosed without your authorization.
1. For Treatment: We may use your PHI to facilitate the provision of health care treatment or health care services to you through the Platform. We may disclose your PHI to other doctors, nurses, technicians, health students, or other health care personnel involved in taking care of you to provide, coordinate, or manage your treatment by health care providers. This includes disclosure of your PHI to any healthcare practitioner who provides you with care and treatment through The After Cancer Platform.
Please note that for purposes of coordinating your care and treatment, each health care provider who provides you with care and treatment through the Platform will have access to your PHI.
2. For Payment: Only if applicable, we may use and disclose your PHI so that the treatment and services you receive from us may be billed to and payment collected from you, an insurance company, or a third party. For example, we may need to give your health plan information about the medical services you received through The After Cancer Platform so your health plan will pay your Telehealth Provider or reimburse you for the services. We may also tell your health plan about a treatment you are going to receive to obtain prior approval or to determine whether your plan will cover the treatment.
3. For Health Care Operations: Your Telehealth Provider may use and disclose your PHI for operations of their medical practice. For example, your Telehealth Provider may use health information to review the treatment and services provided and to evaluate the performance of such services.
4. For Research: We may disclose your PHI for the purpose of research, whether commercial or non-commercial in nature, subject to the conditions noted herein. We will only disclose your PHI for research purposes upon your express authorization or if the research protocol has been approved by an institutional review board that has reviewed the research proposal and established protocols to ensure the privacy of your PHI. The restrictions stated herein do not apply to instances where data related to you, or your care has been anonymized so that your identity is not capable of being determined from the data.
5. As Required By Law: We may disclose your PHI when required to do so by federal, state, or local law.
6. To Avert a Serious Threat to Health or Safety: We may use and disclose your PHI when necessary to prevent a serious threat to your health and safety or the health and safety of the public or another person.
7. Military and Veterans: If you are a member of the armed forces or separated/discharged from military services, we may release your PHI as required by military command authorities or the Department of Veterans Affairs as may be applicable. We may also release health information about foreign military personnel to the appropriate foreign military authorities.
8. Workers’ Compensation: We may release your PHI as authorized by, and in compliance with, laws related to workers’ compensation and similar programs established by law that provide benefits for work-related illnesses and injuries without regard to fault.
9. Public or Private Health Activities: We may disclose your PHI for public or private health activities. These activities generally include the following:
to prevent or control disease, injury, or disability;
to report births and deaths;
to report child abuse or neglect;
to report reactions to medications or problems with products; to notify people of recalls of products they may be using;
to notify third parties required to receive information on FDA-regulated products; and
to notify a person who may have been exposed to a disease or may be at risk for contracting or spreading a disease or condition.
10. Health Oversight Activities: We may disclose your PHI to a health oversight agency for activities authorized by law. These oversight activities include, for example, audits, investigations, inspections, and licensure. These activities are necessary for the government to monitor the health care system, government programs, and compliance with civil rights laws.
11. Lawsuits and Disputes: If you are involved in a lawsuit or a dispute, we may disclose your PHI in response to a court or administrative order. We may also disclose your PHI in response to a subpoena, discovery request, or other lawful process by someone else involved in the dispute, but only if efforts have been made to tell you about the request or to obtain an order protecting the information requested.
12. Law Enforcement: We may disclose your PHI to law enforcement officials for law enforcement purposes including the following:
in reporting certain injuries, as required by law, gunshot wounds, burns, injuries to
perpetrators of crime;
in response to a court order, subpoena, warrant, summons or similar process;
to identify or locate a suspect, fugitive, material witness, or missing person;
about the victim of a crime, if the victim agrees to disclose or under certain limited circumstances, we are unable to obtain the person’s agreement;
about a death we believe may be the result of criminal conduct;
about criminal conduct at our facility; and in emergency circumstances to report a crime; the location of the crime or victims; or the identity, description, or location of the person who committed the crime.
13. Organ and Tissue Donation: We may disclose your PHI to organizations involved in the procurement, banking, or transplantation of cadaveric organs, eyes or tissue, to facilitate organ and tissue donation where applicable.
14. Abuse, Neglect and Domestic Violence: We may disclose your PHI to an appropriate governmental authority if your Telehealth Provider reasonably believes that you may be a victim of abuse, neglect, or domestic violence. We will only make this disclosure if you agree or when required or authorized by law.
15. Coroners, Health Examiners and Funeral Directors: We may disclose your PHI to a coroner or health examiner. This may be necessary, for example, to identify a deceased person or determine the cause of death. We may also disclose your PHI to funeral directors as necessary to carry out their duties.
16. National Security and Intelligence Activities: We may disclose your PHI to authorized federal officials for intelligence, counterintelligence, and other national security activities authorized by law, or for the purpose of providing protective services to the President or foreign heads of state.
17. Inmates: If you are an inmate of a correctional institution or under the custody of a law enforcement official, we may disclose your PHI to the correctional institution or law enforcement official. This release would be necessary (a) for the institution to provide you with health care; (b) to protect your health and safety or the health and safety of others; or (c) for the safety and security of the correctional institution.
EXAMPLES OF OTHER PERMISSIBLE OR REQUIRED DISCLOSURES OF YOUR PROTECTED HEALTH INFORMATION WITHOUT YOUR AUTHORIZATION:
1. Business Associates: Some of our activities are provided on our behalf through contracts with business associates. Examples of when we may use a business associate include administrative services, legal, or consulting services. When we enter into contracts to obtain these services, we may need to disclose your PHI to our business associate so that the associate may perform the job which we have requested. To protect your PHI, however, we require our business associate to appropriately safeguard your information.
2. Notification: We may use or disclose your PHI to notify or assist in notifying a family member, personal representative, close personal friend, or other person responsible for your care of your location and general condition. We will not disclose your PHI to your family members, personal representative or close personal friends as described in this paragraph if you object to such disclosure. To request a restriction on the use and disclosure of your PHI, you must make your request in writing to our Privacy Officer at the physical address listed on the first page of this Notice.
3. Communication with family members: We may disclose to a family member, other relative, close friend, or anyone you identify, health information relative to their involvement in your care. To request a restriction on the use and disclosure of your PHI, you must make your request in writing to our Privacy Officer at the physical address listed on the first page of this Notice.
4. Unlawful conduct: Federal law allows for the release of your PHI to appropriate health oversight agencies, public health authorities or attorneys, provided that a work force member or business associate believes in good faith that we or your Telehealth Provider has engaged in unlawful conduct or that your Telehealth Provider otherwise violated professional or clinical standards and are potentially endangering one or more patients, workers or the public.
WE MAY NOT USE OR DISCLOSE YOUR PROTECTED HEALTH INFORMATION FOR THE FOLLOWING PURPOSES WITHOUT YOUR AUTHORIZATION:
1. We must obtain an authorization from you to use or disclose psychotherapy notes unless it is for treatment, payment, health care operations, is required by law, is permitted by health oversight activities, is disclosed to a coroner or medical examiner, or to prevent a serious threat to health or safety.
2. We must obtain an authorization for any use or disclosure of your PHI for any marketing communications to you about a product or service that encourages you to use or purchase the product or service unless the communication is either; (a) a face-to-face communication, or; (b) a promotional gift of nominal value. However, we do not need to obtain an authorization from you to provide prescription refill reminders, information regarding your course of treatment as identified by your Telehealth Provider, case management or care coordination, or to describe a health-related products or services that are provided through The After Cancer platform. We must notify you if the marketing involves financial remuneration.
3. We must obtain an authorization for any disclosure of your PHI which constitutes a sale of PHI, unless the information disclosed which relates to you or your care has been anonymized so that your identity is not capable of being determined from the data.
4. We must obtain an authorization for all other uses and disclosures of your PHI not described in this Notice. If you provide us with written authorization to use or disclose your PHI, you may revoke that authorization, in writing, at any time, by addressing a letter to our Privacy Officer at the physical address listed on the first page of this Notice.
CHANGES TO THIS NOTICE:
We reserve the right to change our privacy practices and any terms of this Notice. If our privacy practices materially change, we will revise this Notice and make copies of the revised Notice available upon request and through The After Cancer Platform. We reserve the right to make the revised or changed Notice effective for PHI we already have about you as well as any PHI we receive in the future.
TO MAKE A COMPLAINT:
If you believe your privacy rights have been violated, you may file a complaint with us or with the Secretary of the United States Department of Health and Human Services. To file a complaint with us, send a written Notice of your concerns to our Privacy Officer at the physical address listed on the first page of this Notice. There will be no retaliation against you for filing a complaint.
The After Cancer Corporation (“The After Cancer,” “we,” or “us”) is committed to respecting your privacy. This Privacy Notice describes our privacy practices when you use our website (https://www.theaftercancer.com, our “Site”), mobile application (our “App”), and related products or services (together, our “Services”).
We ask that you read through this Privacy Notice before accessing or using our Services.
PERSONAL DATA WE COLLECT
When we refer to your personal data, we mean any information that relates to an identified or identifiable individual (“Personal Data”). When you create a The After Cancer account, connect to our Services, request appointments, or otherwise interact with The After Cancer, we may collect the following categories of Personal Data from or about you:
Identifiers, such as your name, home and work address, phone number, email address, username, password, and where applicable, employee or member identification number, policy or plan number, IP address.
Protected class and demographic information, such as age, date of birth, sex, gender, national origin, citizenship, race, marital status, sexual orientation, medical condition, genetic information, and information about your health and/or disability status.
Commercial information, such as information about Services purchased or obtained, and considered and Service history and tendencies.
Device information, consisting of information from devices you use to connect to the Services, including your mobile device. The information we receive from these devices may include browsing IP address, unique device identifiers such as MAC address, usage information, crash data, device performance characteristics and hardware information, battery status, and WiFi network information.
Internet or other electronic network activity information, such as browsing history, search history, clickstream patterns, session information, browser and operating system type, navigation paths, date/time stamps, cookie identifiers, language preferences, and other information about how you interact with our Site.
Geolocation data, such as physical location or device location, including zip code and Global Position System (“GPS”) data.
Professional or employment-related information, such as employer details and contact information, job title, office location, and company details.
Biometric information, such as physiological, biological, and behavioral characterizes, and genetic and health information.
Audio, electronic, visual, or other sensory information, such as audio records, videos, images, and photographs.
Inferences drawn from the information we collect about you to create a profile about you reflecting your preferences, behaviors, and characteristics.
Some of the data we collect may be considered sensitive personal information, including your log-in name and password that you use to access your user account on the Services, precise geolocation, racial or ethnic origin, and health and genetic data.
HOW WE COLLECT YOUR PERSONAL DATA
We collect personal data from you and other sources through registration forms, eligibility files, account creation, provider/coaching visits, communications, or interactions with The After Cancer representatives, community posts and/or comments that are collected through your voluntary public postings and engagement on social platforms. Depending on how you use our Service, we may collect Personal Data about you in the following ways:
Directly from you. We may collect information from you directly through your use of the Services, completion of registration forms, account creation, provider/coaching visits, communications with The After Cancer representatives, community posts and/or comments, or other direct interactions with us, such as emails, messaging, community fora, public social media postings, or video conferencing.
Through automated data collection technologies. We may collect your information using automated data collection technologies as described in the Cookies and Similar Technologies section below. For example, we may collect the IP (Internet protocol) address of the device you use to access our Site and other browsing information, such as page requests, browser type, operating system, and average time spent on our Site.
From third parties. Where applicable, we may obtain your information through third-party sources, such as from eligibility files and claims data that we receive from your employer or your health plan, and from family members and personal representatives who are registered with or interact with The After Cancer. If you are interacting with our Site as a potential business customer of The After Cancer, such as our “Contact Us” page or “Demo Request” page, we may supplement your personal data with information we receive from marketing partners and social media companies. We may combine this information with the information we collect about you to help us tailor our communications and improve our Services.
HOW WE USE YOUR INFORMATION
We may use your Personal Data as outlined below:
Provide the Services. We may use your Personal Data to provide the Services, connect you with our Providers and other Professionals, refer you to clinic partners, process any fees, provide customer services, create, and maintain business records, respond to your questions and comments, send you communications about the Services, and where applicable, process any reimbursements or claims, and communicate with your health plan, insurer or payor to verify edibility for our Services.
Build and maintain our relationship with you. We may use your Personal Information to improve your experience with our Services, send you marketing messages about the Services that may be of interest to you, send you educational materials, and obtain and respond to your feedback, questions, and comments. We may also draw inferences from the Personal Data we receive about you, such as information about your preferences, characteristics, and interest in our Services.
Improve the Services. We may use your Personal Data to facilitate and improve the operation of the Services, perform market research and analysis, analyze how the Services are being used and accessed, improve the functionality of the Services and your user experience, conduct quality assurance activities, perform internal business reviews, and develop new Services.
For research and development purposes. We may de-identify, pseudonymize, or anonymize your Personal Data by removing data components (such as your name, email address, or linkable tracking ID) that makes the data personally identifiable to you or through other means. We do this so that we can conduct research and develop our products and services.
Comply with legal obligations and respond to legal proceedings. We may use your Personal Data to comply with our legal obligations, including maintaining records of our compliance with federal and state law requirements. We may also use your Personal Data to establish, exercise, or defend legal claims.
HIPAA Restrictions. Our use of your information in these contexts may be restricted by laws such as the U.S. Health Insurance Portability and Accountability Act of 1996 and its implementing regulations (“HIPAA”). Please visit and review the Privacy Notice for Protected Health Information, which is specific notice provided by the health care professionals involved in your care and treatment through the Platform on how your health information may be used and disclosed and how you can get access to it.
Anonymized Data. We may use and share aggregated and deidentified data and information derived from your Personal Data with other entities for the purpose of performing activities that may help us provide and improve our Services. Where we aggregate or deidentify data, we take reasonable steps to ensure the information is not reidentified except as required by or pursuant to applicant law.
COOKIES AND SIMILAR TECHNOLOGIES
Google Analytics. We use Google Analytics to track website activity, such as session duration, pages per session, and the bounce rate of individuals using the site, along with the information on the traffic source. More information available here. To opt out of Google Analytics, you may disable cookies on your browser or install the Google Analytics Opt-Out Browser Ad-On.
Google Adwords. Google Adwords provides conversion tracking analytics with key insights into users' actions after viewing or clicking an ad. Adwords let us see which keywords, ads, ad groups, and campaigns are best at driving valuable customer activity to learn how customers may be interacting with ads on one device or browser.
Facebook Pixel. We use the Facebook pixel to collect data that helps our marketing teams track conversions from Facebook ads, optimize ads, build targeted audiences for future ads, and build personalized remarketing strategies for users who have already taken action on our website, such as downloading a guide or visiting a page. More information available here. To opt out of Facebook Ads, you can manage your Ad Choices.
LinkedIn Insight Tag. We use the LinkedIn Insight Tag, also known as LinkedIn Pixel, to gain insights into how ads lead to practical actions on the website, including content downloads, sign- ups, purchases, and more. More information available here.
While we deploy third party cookies on our Site, we limit the use of third-party tracking technologies behind authenticated webpages (including after you have logged into your account) and on our App.
Please note, the online advertising industry provides tools that permit you to opt out of certain interest-based advertising based on cookies. For more information about these programs and tools, you can visit the following:
HOW WE DISCLOSE THE INFORMATION WE COLLECT
Generally, we may disclose your Personal Data in the following circumstances:
Service providers. We may disclose your Personal Data with the service providers for the purposes described in this Notice, including organizations that provide services related to maintaining, operating, hosting, and improving the Services; payment processing; customer service; sending emails; fulfilling orders; technical support; data analytics; and marketing and advertising. It is our policy to limit our service providers’ use of your Personal Data to that which is necessary to perform their services for us.
Practitioners. We may disclose your Personal Data to wellness professionals and facilities offering their services via the Services (the “Practitioners”), with your consent, so that they may provide virtual consultations to you as part of the Service. In addition, when you communicate with us or submit information through the Services, we may share that information with Practitioners to enable them to communicate with you and provide the Service.
Your Employer or Health Plan. If your access to the Services is offered in connection with a program offered or supported by your employer or health plan, we will share certain Personal Data with your employer or health plan including your subscriber id, amount spent on applicable services, and satisfaction survey results. In certain circumstances, when permissible under applicable laws, your employer or group health plan may ask that we share certain Personal Data with a third party designated provider to use for their own purposes, such as cost analysis and understanding care outcomes. Your data may also be disclosed to your employer or health plan consistent with our obligations under HIPAA.
In Connection with a Business Transaction. We may disclose your Personal Data in the event of a bankruptcy, merger, acquisition, sale of all or part of our business, or other change or ownership or control (whether in whole or in part), subject to compliance with applicable legal requirements.
Law Enforcement. Personal Data may also be disclosed: to law enforcement, courts, and regulatory authorities in connection with a legally binding request; to detect and protect against security incidents and unlawful conduct; and/or as otherwise required or permitted by applicable law. We may also share certain deidentified, aggregated, and statistical information with clearinghouse entities, program administrators, academic and institutional review boards, and/or your employer.
OPTING OUT OF MARKETING AND GEOLOCATION TRACKING
If you would like to stop receiving newsletters or other marketing or promotional messages, notifications, or updates, you may do so by following the unsubscribe instructions that appear in these e-mail communications, or you may contact us at email@example.com to opt-out of direct marketing. Please be advised that you may not be able to opt out of receiving certain service or transactional messages from us, including legal notices.
If you use our App, we may obtain precise information about the location of your device with your express consent. Once you have consented to the collection of the precise location of your device, you may revoke this consent by managing your location services preferences through the settings of your device.
Do-Not-Track is a public-private initiative that has developed a “flag” or signal that an Internet user may activate in the user’s browser software to notify websites that the user does not wish to be “tracked” by third parties as defined by the initiative. Please note that The After Cancer, like many digital service operators, does not recognize or respond to “Do Not Track” signals.
If you are considered a minor under the privacy laws in your country, we must obtain your parent or guardian’s consent prior to us allowing you to access the Services. We do not knowingly collect information from minor children without their parent, guardian, or representative’s consent. Please note the following:
The After Cancer Marketplace. If you are an individual looking to access our Site or register for our Services through an account directly from The After Cancer’s Site (“Marketplace”), you must be 18 years old or older. If we learn that we have inadvertently collected Personal Data from an individual under 18 years old, we will delete that information.
LINKS TO OTHER WEBSITES
Our Site or App may contain links or otherwise provide access to another website, mobile application, or Internet location (collectively “Third-Party Sites”). When you choose to contact another Third-Party Site, you are providing information (including Personal Data) directly to third parties outside of The After Cancer. Please note that we have no control over and are not responsible for Third-Party Sites, their content, or any goods or services available through the Third-Party Sites. Our Privacy Notice does not apply to Third-Party Sites. We encourage you to review the Privacy Notices of each Third-Party who provides you with any services and the privacy policies of any website or application with which you interact.
HOW WE TRANSFER, STORE AND SECURE YOUR PERSONAL DATA
Please note the following about how we transfer, store, and secure your Personal Data:
Security of Information. We implement and maintain reasonable technical, physical, administrative, managerial, and organizational security measures designed to safeguard your Personal Data. Please note, however, we cannot fully eliminate security risks associated with the storage and transmission of Personal Data. You also must keep your password secure and your account confidential. If you have reason to believe that the security of your account has been compromised, please notify us immediately at firstname.lastname@example.org.
Data Retention. We will retain your Personal Data for as long as is necessary to fulfill the purposes for which we obtained the Personal Data, including to provide the Services, or for such longer period as may be required or permitted by Plan contracts and/or applicable law and regulations. We will also retain your Personal Data as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. We use the following criteria to set our retention periods: (i) the duration of our relationship with you; (ii) the purposes for processing your Personal Data and associated legal bases; (iii) the existence of a legal obligation as to the retention period; and (iv) the advisability of retaining the information in light of our legal position (for example, in light of applicable statutes of limitations, litigation, or regulatory investigations).
ADDITIONAL DISCLOSURES FOR CALIFORNIA RESIDENTS
This section applies to California residents and contains disclosures pursuant to the California Consumer Privacy Act (“CCPA”). This section does not apply to individuals who are not California residents.
As a California resident, you are entitled to the following disclosures:
Categories of Personal Data. We have collected in the preceding 12 months the categories of Personal Data detailed in the Personal Data We Collect section above.
Sources of Personal Data. We have collected Personal Data from the categories of sources detailed in the How We Collect Your Personal Data above.
Use and Disclosure of Personal Data. We have used and disclosed Personal Data for the business and commercial purposes detailed, respectively, in the How We Use Your Information and How We Disclose The Information We Collect sections above. We only use and disclose your sensitive personal information for the following purposes: (i) performing services or providing goods reasonably expected by an average consumer; (ii) detecting security incidents; (iii) resisting malicious, deceptive, or illegal actions; (iv) ensuring the physical safety of individuals; (v) for short-term, transient use, including non-personalized advertising; (vi) performing or providing internal business services; or (vii) verifying or maintaining the quality or safety of a service or device. We do not disclose sensitive information for any other purpose.
Sales and Sharing of Personal Data. We do not sell Personal Data, including the Personal Data of minors under age 16. When interacting with our Site as a general user (e.g., not when you are logged in), we do share Personal Data with third parties for targeted advertising purposes.
Financial Incentives. From time to time, we may offer a financial incentive when you complete onboarding assessments, surveys, tracks, or other programs that ask you to share your feedback or other Personal Data with us. The specific instructions for how to participate in these programs and related incentives may vary and will be set out within each program. Our good faith estimate of the value of your Personal Data is the value of the benefit we offer to you. We have calculated that value by weighing our expense of operating the program against the benefit. Participation in these incentive programs is always optional, and you can terminate program participation at any time as explained in the applicable program terms. You can also contact us by using the contact information provided below to unsubscribe or cancel your program participation.
In addition, California residents have the following rights under the CCPA:
Right to Know. You have the right to request information about the categories of personal information we have collected about you, the categories of sources from which we collected the Personal Data, the purposes for collecting, selling, or sharing the Personal Data, and the categories of third parties with whom we have disclosed or sold your Personal Data, and the specific pieces of Personal Data we have collected about you.
Right to Delete. You have the right to request that we delete the Personal Data that we have collected about you.
Right to Correct. You have the right to request that we correct inaccurate Personal Data that we maintain about you.
Right to Opt-out of Sales or Sharing. You have the right to request to be opted-out from the sale or sharing of your Personal Data or targeted advertising.
Right to Non-Discrimination. You have the right not to receive discriminatory treatment by us for the exercise of the privacy rights described above.
You may also authorize someone to exercise the above rights on your behalf. To do so, your authorized agent must submit a request via email@example.com and indicate that they are submitting the request as an agent. We may require the agent to provide proof that you gave signed permission to submit the request and may also require you to confirm with us that you provided the agent permission to submit the request or to verify your own identity directly with us. If you have provided us with information on your minor child, you may exercise the above rights on behalf of your minor child.
Most of the above rights are subject to our being able to reasonably verify your identity (or the identity of someone exercising these rights on your behalf) and authority to make these requests by providing verifiable information such as the following:
Provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Data or an authorized representative.
Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it. We cannot respond to your request if we cannot verify your identity or authority to make the request and confirm the Personal Data relates to you.
California residents may exercise the Right to Know, Right to Delete, and the Right to Correct by submit your request in one of the following ways:
By email at firstname.lastname@example.org
By navigating to Account Settings within the App
To opt out of the sharing of your Personal Data for these purposes, please submit an opt-out request using a preference signal that is sent in a commonly used and recognized format, such as the Global Privacy Control.
We will respond to authorized and verified requests as soon as practicable and as required by law. In addition, the above rights are subject to various exclusions and exceptions under the law, and, under certain circumstances, we may be unable to implement your request. We will advise you of any reason for denying or restricting a request.
In addition, residents of California also have the right to request once per calendar year certain information with respect to the types of personal information (as defined by California law) we share with third parties for those third parties' direct marketing purposes, and the identities of the third parties with whom we have shared such information during the immediately preceding calendar year.
ADDITIONAL NOTICES FOR CERTAIN OTHER U.S. RESIDENTS
Certain other U.S. residents may be granted the following rights under the laws of your state of residence:
To access your Personal Data.
To correct inaccuracies in your Personal Data.
To delete your Personal Data that we have obtained.
To receive a copy of your Personal Data in a portable and readily usable format.
To opt in or opt out of certain types of sensitive Personal Data processing.
To opt out of the processing of your Personal Data for purposes of (i) targeted advertising or (ii) automated decision-making or profiling in furtherance of decisions that produce a legal or similarly significant effect on you.
If you choose to exercise any of these rights, The After Cancer will not discriminate against you in any way. If you exercise certain rights, understand that you may be unable to use or access certain features of our website or our products or services. You may have the right to appeal our decision if we deny your rights request. To submit an appeal, contact us at email@example.com.
HOW TO CONTACT US
If you have any questions about The After Cancer’s Privacy Notice, would like to exercise one of your data protection rights, or would like to submit a concern or complaint, please contact us at firstname.lastname@example.org. You can also write to us at:
The After Cancer Corporation
PO Box 30667, PMB 79909
Charlotte, North Carolina 28230-0667
UPDATES TO THIS NOTICE
We may update this Privacy Notice from time to time. The most recent version of the Privacy Notice is reflected by the version date located at the top of this Privacy Notice. We encourage you to review this Privacy Notice often to stay informed of how we may process your information. If we have the ability to do so (e.g., if you have an active account, or we have contact information for you), we will attempt to notify you of any material changes to our Privacy Notice that impact your Personal Data. Please note that if you object to any changes to the Privacy Notice, you may request to close your account.
© 2023 The After Cancer Corporation. All rights reserved.