Privacy Policy

Welcome to the Cambia Grove website (the “Website”); our goal is to help spread ideas. We encourage our community to discover and share with one another. While gathering information about the people who use the Website is an important part this experience, we take your privacy very seriously, and make every effort to safeguard your personal data. This privacy policy is intended to inform you of what information we collect, how this information is used, and what steps we take to protect this information. If you have any questions or concerns about our privacy policy and protections, please contact us at info@cambiagrove.com.

What information do we collect?

We collect two kinds of information:

  1. Information that you directly provide to us.
  2. Information that we automatically collected through your use of the Website (“automatically collected information”).We may use this information to help customize your experience based on your previous activities on the Website.

Information you provide directly to us

Through use of the Website, you may provide certain information to us including:

  1. Your name
  2. Contact information
  3. Social medial handles (e.g. Twitter, LinkedIn, Facebook)
  4. Contributed content such as ideas, suggestions, feedback, documents, and/or proposals.

Comments, conversations and other public activities

We offer you opportunities to engage in public activities on the Website. "Public Activities" are any actions you take that are designed to be visible to other users, including comments, pledges, blogs, conversations, recommendations and postings. If you choose to engage in Public Activities, you should be aware that any personal information you submit there can be read, collected or used by other users of these areas.  These Public Activities are subject to the Terms of Use.
We are not responsible for the personally identifiable information you choose to submit in these forums, and we have no responsibility to publish, monitor, remove or edit any of your comments, conversations or other content. For more information, see the Terms of Use.

Automatically collected information

We use various technologies to manage the Website and track use of the content we provide, including:

  • the IP address used when registering and submitting content to the site
  • standard web analytics information
  • aggregated data about email click-through rates and video viewing
  • information collected through HTML cookies, Flash cookies, web beacons, and similar technologies.

Automatically collected information collected using these technologies may be combined with information you provide directly to us.

Device information

We may automatically collect information about the computer, mobile device or other device you use to access the Website, such as IP address, geolocation information, unique device identifiers, browser type, browser language and other transactional information.
This information may be used to offer you optimized experiences based on your device or location.

How we use the information we gather

Spreading Ideas

Our goal is to help spread ideas and encourage innovation. We encourage our community to discover and share with one another.  As such, keep in mind that unless we state otherwise, any information you provide either directly or through a Public Activity will not be considered confidential and can be publicly read, collected, shared or used by us or others. Information provided to third party partners are subject to the third party partner’s terms of use and privacy policies.

Providing requested services:

We may use the information that we collect to fulfill your requests for services and information. For example, we may use your contact information to respond to your inquiry/requests, or to enable registration for one of our events.

E-mail and newsletters

If you sign up for one of our email or newsletters, we will send you the email or newsletter that you requested. We may also use the information that we collect to send you other communications, such as information about our events. You may opt out of receiving this information by following the directions in the email or newsletter to unsubscribe.

Statistical analysis:

We perform statistical analyses of users of the site, and their viewing and participation patterns, for product development purposes and to generally inform advertisers about the nature of our audience.

Third parties:

We may employ third parties to perform site-related services, including database management, maintenance services, analytics, marketing, billing and email distribution. These third parties have access to your information only to perform these tasks on our behalf.

Please note that in performing these tasks on our behalf, third parties may collect data about you, including your IP address and information about the websites you visit and the links you click, through cookies, clicks on links, or other means. 

Enforcement

We may use the information that we collect to prevent illegal activities, to enforce the Website Terms of Use, or as otherwise required by law.
In addition to the uses identified above, we may use the information that we collect for any other purposes disclosed to you at the time we collect your information or pursuant to your consent.
No Selling of Your Data
We do not sell the information we collect. 

Protection of your information

To prevent unauthorized access, maintain data accuracy and ensure the appropriate use of information, we have put in place commercially reasonable physical, technical and administrative controls to protect your information. Please note that no method of transmission over the internet is 100% secure.

Children under the age of 13

We do not knowingly collect personal information from children under 13. If we learn that we have collected any personal information from a child under the age of 13 without verifiable parental consent, we will delete that information from our database as quickly as possible. If you believe that we may have collected information from a child under 13, please contact us.

Changes to this privacy policy:

This privacy policy may be amended from time to time. Any such changes will be posted on this page. We will notify you of any significant or material changes in the way we treat your information by placing a prominent notice on our site or sending a notice to the primary email address specified in your account.

Accessing and Deleting Collected Data

You may access and share the data that we have about you. If you have any concerns about the accuracy of the data, send questions to info@cambiagrove.com. If you wish to delete the previous data you have consented to share with us, you may do so by contacting Customer Support. When you request for us to delete your previously provided data, it will be deleted within 60 days after your request unless we reach out to you to request additional time to delete your data. 

Unsubscribing

To unsubscribe from our emails or newsletters, click on the link at the bottom of an email or newsletter you have received.

 

California Consumer Privacy Act

Individuals who reside in the state of California, a “consumer,” as that term is defined under California law, have additional rights reserved under the California Consumer Privacy Act (CCPA) and the California Shine the Light law:

  • Right to Opt-Out. We do not sell personal information.
  • Right to Request Personal Information. As a consumer, you have the “right to know” and request that we disclose what personal information we collect, use, and disclose. See the instructions below for submitting a verifiable request, including through the online request form offered by us. You have the right to request the categories of personal information, as detailed under the CCPA, we have collected and store about you. In addition, you have the right to request categories of sources of personal information we collected about you, the business or commercial purpose for collecting, the categories of third parties with whom we share that personal information, and the specific pieces of personal information we have collected about you. Categories of personal information that we disclosed about you for a business purpose may also be requested, with the appropriate lists provided under the CCPA. Upon receipt of a verifiable consumer request, described below in this Privacy Statement/Notice, from you to access personal information, we will promptly take steps to disclose and deliver, free of charge to you, the personal information required by this section and within the timeframes permitted for responding to exercise of this or other applicable right(s). The information may be delivered by mail or electronically, dependent on portability and technical considerations under the CCPA. We may provide personal information to you at any time following a verified request, but shall not be required to provide personal information to you more than twice in a 12-month period.  
  • Right to Delete Personal Information. You have the right to request we delete personal information we, or our service providers, store about you. Please keep in mind our response to such a request, upon verification, may include an explanation of the business purpose under which we may retain your information (for example, we would need to retain copies of a business transaction for financial records) in accordance with the CCPA. 
  • Non-Discrimination. If you elect to exercise any right(s) under this section of our Privacy Statement, we will not discriminate or retaliate against you.

If you are a California consumer and would like to submit a request based on this section of our Privacy Statement, please use this web form, email us at compliance@cambiahealth.com, or call us toll-free at 877-878-2273.  Also, be sure to check this policy for updates as we will review it at least every 12 months and make updates as necessary.  

Identity Verification Requirement.  We are required by law to verify that any data access request submitted under the authority of the CCPA was made by someone with the legal right to access the personal information requested. Therefore, prior to accessing or divulging any information pursuant to a data subject access request, under the terms of the CCPA, we may request that you provide us with additional information in order for us to verify your identity, your request, and legal authority (ex. authorized representative). Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child. Please indicate in your request if either of these apply, as additional verification may apply (ex. verify consumer’s identify and confirm with impacted person(s) that the authorized agent has permission to submit the request).

A verifiable consumer request must provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative. A verifiable request must also include sufficient detail that allows us to properly understand, evaluate, and respond to it. 

In general, our verification process includes reviewing the information submitted in the request, comparing it to the right(s) requested; the number of verification points/methods required by the CCPA; and the type, sensitivity, and risk of information requested, including to the consumer, from unauthorized disclosure or deletion. An account is not required with us in order to make a request. We will use personal information provided in a verifiable consumer request to verify the requestor's identity and authority to make the request, or otherwise as permitted by the CCPA (ex. record retention). We will respond to a verifiable consumer request within 45 days of its receipt, and if we require more time (up to 90 total days), we will inform you of the reason of the extension in writing. A response to a consumer request will be provided as required by the CCPA, such as through an account (if one exists), or otherwise by mail or electronically. 

Access Request Responses.  Under the CCPA, there may be certain circumstances where we would deny your request to access, receive, or delete personal information we hold.  For example, we would deny requests where any such access or disclosure would interfere with our regulatory or legal obligations, where we cannot verify your identity, and/or where exemptions/exceptions permitted by the CCPA apply. We also have the ability under the CCPA to deny requests if it would result in our disproportionate cost or effort.

Further, certain rights granted by the CCPA will not be effective until January 1, 2021. However, even where we will not substantively complete a request made under the CCPA, we will still provide a response and explanation to your request within a reasonable time frame and as required by law.

Disclosure of Categories. As defined by the CCPA, categories of personal information collected from consumers by us within the past 12 months include:

Categories

Examples

Collected (Yes or No)

A. Identifiers.

A real name, alias, postal address, unique personal

identifier, online identifier, Internet Protocol address,

email address, account name, Social Security

number, driver's license number, passport number,

or other similar identifiers.

Yes

B. Personal information

categories listed in the

California Customer

Records statute (Cal.

Civ. Code §

1798.80(e)).

A name, signature, Social Security number, physical

characteristics or description, address, telephone

number, passport number, driver's license or state

identification card number, insurance policy number,

education, employment, employment history, bank

account number, credit card number, debit card

number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may

overlap with other categories.

Yes

C. Protected

classification

characteristics under California or federal

law.

Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression,  pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).

Yes

D. Commercial

information.

Records of personal property, products or services purchased, obtained, or considered, or other

purchasing or consuming histories or tendencies.

Yes

E. Biometric

information.

Genetic, physiological, behavioral, and biological

characteristics, or activity patterns used to extract a

template or other identifier or identifying information,

such as, fingerprints, face prints, and voiceprints, iris

or retina scans, keystroke, gait, or other physical

patterns, and sleep, health, or exercise data.

No

F. Internet or other

similar network activity.

Browsing history, search history, information on a

consumer's interaction with a website, application, or

advertisement.

Yes

G. Geolocation data.

Physical location or movements.

No

H. Sensory data.

Audio, electronic, visual, thermal, olfactory, or similar

information.

No

I. Professional or

employment-related

information.

Current or past job history or performance

evaluations.

Yes

J. Non-public

education information

(per the Family

Educational Rights and

Privacy Act (20 U.S.C.

Section 1232g, 34

C.F.R. Part 99)).

Education records directly related to a student

maintained by an educational institution or party

acting on its behalf, such as grades, transcripts,

class lists, student schedules, student identification

codes, student financial information, or student

disciplinary records.

Yes

K. Inferences drawn

from other personal

information.

Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

Yes

 

Personal information may also be collected in the course of a natural person acting as a current or former job applicant, employee, director, officer, or contractor within the context of that natural person’s role. Additional information collected may include emergency contact and information to administer benefits, including to another person.

“Personal information” does not include publicly available information, meaning information that is lawfully made available from federal, state, or local government records. “Publicly available” does not mean biometric information collected by a business about a consumer without the consumer’s knowledge. “Personal information” also does not include consumer information that is deidentified or aggregate consumer information. This Notice addresses online and offline practices by us. Information excluded from the CCPA’s scope includes health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Other information excluded includes those covered by the California Confidentiality of Medical Information Act (CMIA) or clinical trial data, and personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994. 

Personal information is collected and may be used to provide the services to you, to perform obligations under agreements, to provide information and notifications to you or an authorized representative, to protect the rights and safety of you and/or others, to comply with court and other legal requirements, for business purposes and as otherwise set forth in the CCPA, to conduct organizational and operational needs, and as otherwise described when collecting personal information or within this page. A request for personal information collected and/or deletion, noted above, may involve categories and/or specific pieces of information. However, certain exemptions and exceptions may apply in responding to a request. 
This business has not sold categories of personal information within the meaning of the CCPA, including minors under 16 years of age. 

Categories of personal information from our consumers disclosed for a business purpose within the past 12 months include:

(A) Identifiers such as real name, alias, postal address, unique identifiers, online identifiers, internet protocol address, email address, account name, social security number, driver’s license number, passport number, or similar identifiers;
(B) Categories of personal information as described in California Civil Code 1798.80(e);
(C) Characteristics of protected classifications under California or federal law;
(D) Commercial information, including records of personal property, products or services purchased, obtain, or considered, or other purchasing or consuming histories or tendencies;
(F) Internet or other electronic network activity information, including but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an internet website, application, or advertisement;
(I) Professional or employment-related information;
(J) Education information, defined as information that is not publicly available personally available information as defined in the Family Educational Rights and Privacy Act (20 U.S.C. Sec. 1232g; 34 C.F.R. Part 99); and
(K) Inferences drawn from any of the information identified in this subdivision to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

Business purposes may include auditing (ex. auditing and legal/regulatory compliance), security (ex. detecting security breaches), debugging (ex. identifying and fixing technical errors), short-term uses (ex. ad customization), performing services (ex. processing transactions), internal research (ex. product development), and testing/improvement (ex. improvement of technology). 

Categories of sources from which personal information was directly and indirectly collected in the past 12 months include from you and/or authorized agents (ex. documents provided to us related to the services for which you/they engage us, and information we collect in the course of providing services to you/them); interaction with our platforms and services (ex. website portal); and third parties (ex. those that provide services such as purchased information, advertising networks, internet service providers, operating systems and platforms, social networks, and data brokers). This could include information obtained on websites and services from third parties that interact with us in connection with the services we perform or are linked to. 

Categories of third parties with whom the business shared personal information in the past 12 months include authorized agents, affiliates, service providers (such as those described previously), contractors, and authorized third parties. 

Contact Us 

To make a request please contact us at please contact the us at compliance@cambiahealth.com with "CCPA Personal Information Request" in the subject line, and provide us with full details in relation to your request, including your contact information, the specific name of this business, and any other detail you feel is relevant. You can also use the other contact methods mentioned previously. If you are from another area (ex. state) and believe you are entitled to exercise applicable right(s), please use the email address and/or phone number given and include relevant details. If you have questions or concerns about the business’s privacy policies and practices, you can use the contact methods mentioned above (ex. telephone, email) in this Notice to contact us. 

Last Updated: June 25, 2020

 

Page Type
Standard Page