Kyber Supplemental Privacy Notice for Certain California Residents
Effective: March 2021
This Kyber Supplemental Privacy Notice for Certain California Residents (this “Notice”) is provided on behalf of Kyber Data Science LLC and its subsidiaries (referred to collectively as “we”, “us”, “our” or similar pronouns). This Notice applies solely to California residents who are health care providers and whose personal information is included in one or more of Kyber Health Data LLC’s data products (“health care providers” or “you”). We adopt this Notice to comply with the California Consumer Privacy Act of 2018 (“CCPA”) and any terms defined in the CCPA (such as “personal information”) have the same meaning when used in this Notice.
Categories of Personal Information
We have collected the following categories of personal information of health care providers in the preceding 12 months:
- Identifiers, such as government-issued unique personal identifier and business address.
- Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)), such as place of employment or employment history.
- Commercial information, such as devices and supplies used by health care providers in the course of their provision of care.
- Professional or employment-related information.
In addition, we have collected the following categories of personal information in the preceding 12 months:
- Deidentified patient information, deidentified pursuant to the Health Insurance Portability and Accountability Act (“HIPAA”) expert determination method.
Categories of Sources
We collect limited personal information related to professional activities of health care providers residing in the state of California that come from a variety of sources, including health care organizations (e.g., physician practices, hospitals, clinics, and pharmacies), federal and state government organizations, payers, medical claims clearinghouses and other vendors.
USE AND DISCLOSURE FOR Business and Commercial Purposes
We use and disclose the categories of personal information listed above for business or commercial purposes. These purposes include to operate, manage and maintain our business, to create, develop, provide and enhance our products and services, and to accomplish our business purposes and objectives. In the preceding 12 months, we have shared the categories of personal information listed above for business purposes with our service providers.
Sales of Personal Information OF HEALTH CARE PROVIDERS
Certain of Kyber Health Data LLC’s data products include limited personal information related to professional activities of health care providers who reside in California and, as a result, our provision of such data products to our customers may constitute a “sale” under the CCPA. On this basis, in the preceding 12 months, we have “sold” and, subject to each such health care provider’s opt-out right described below, may in the future “sell” the following categories of personal information to customers of those Kyber data products: identifiers; personal information categories listed in the California Customer Records statute; commercial information; and professional or employment-related information. Kyber Health Data LLC’s customers are not permitted by contract to use our products to market products and services to you. We do not have actual knowledge that we sell the personal information of minors under 16 years of age.
SALES OF DEIDENTIFIED PATIENT INFORMATION
Certain of Kyber Health Data LLC’s data products include deidentified patient information which has been deidentified pursuant to the HIPAA expert determination method.
Access and Data Portability Rights FOR HEALTH CARE PROVIDERS
You have the right to request that we disclose the following information to you with respect to the preceding 12 months:
- the categories of personal information collected about you;
- the categories of sources from which the personal information is collected;
- the purposes for collecting or sharing personal information;
- the categories of third parties with which we share personal information for a business purpose;
- the categories of personal information we have “sold” and, if applicable, the categories of third parties to which we sold personal information; and
- the specific pieces of personal information we collected about you.
These access and data portability rights do not apply to personal information reflecting a written or verbal business-to-business communication (“B2B personal information”) for so long as an exception provided by the CCPA applies.
Deletion Request Rights FOR HEALTH CARE PROVIDERS
You have the right to request that we delete the personal information we collected about you, subject to certain exceptions provided by the CCPA. Once we receive and confirm your verifiable request, we will delete the requested personal information from our records, unless an exception provided by the CCPA applies. For example, we may retain personal information as required or permitted by law, and may maintain a copy of your deletion request.
Exercising Your Access, Data Portability or Deletion Rights
To exercise the access, data portability and deletion rights described above, please submit a verifiable consumer request to us by contacting us using the information in the Contact Us section below.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative. Please describe your request with sufficient detail for us to properly understand, evaluate and respond to it.
Opt-Out Rights for Personal Information Sales
You have the right to opt out of our future “sale” of your personal information. To do so, you may submit a request to us by:
- Visiting Do Not Sell My Personal Information.
- Contacting us using the information in the Contact Us section below.
Please describe your request with sufficient detail for us to properly understand, evaluate and respond to it.
Requests from Authorized Agents
If you would like an authorized agent to submit a CCPA request on your behalf or if you are an authorized agent of a consumer and registered with the Secretary of State to conduct business in California, please contact us using the information in the Contact Us section below for instructions and details on proof required for use of an authorized agent, including a copy of the written permission signed by the consumer for the agent to act on the consumer’s behalf in this manner.
Right of Non-Discrimination
You have the right not to receive discriminatory treatment by us for exercising any of your CCPA rights.
Reasonable Access for HEALTH CARE PROVIDERS with Disabilities
Persons with disabilities may obtain this Notice in alternative format upon request by contacting us using the information in the Contact Us section below.
Changes to this Notice
We reserve the right to amend this Notice at our discretion at any time. When we make changes to this Notice, we will post the updated Notice on the website and update the Effective Date.