Kyber Supplemental Privacy Notice for Certain California Residents
Effective: March 1, 2023
This Kyber Supplemental Privacy Notice for Certain California Residents (this “Notice”) is provided on behalf of Kyber Data Science LLC and its subsidiaries, Kyber Health Data LLC, Kyber Survey Data LLC, Kyber Data Sub LLC and Kyber Aesthetic Data LLC (Kyber and its subsidiaries are referred to collectively herein as “Kyber”, “we”, “us”, “our” or similar pronouns). This Notice applies solely to California residents who are health care providers and whose personal information is included in one or more of Kyber Health Data LLC’s or its subsidiaries’ data products (“health care providers” or “you”). We adopt this Notice to comply with the California Consumer Privacy Act of 2018 (“CCPA”), the California Privacy Rights Act of 2020 (the “CPRA”), and regulations promulgated under the foregoing (collectively, as amended, the “California Requirements”). Any terms defined in the California Requirements (such as “personal information”) have the same meaning when used in this Notice.
CATEGORIES OF PERSONAL INFORMATION
We have collected the following categories of personal information of health care providers in the preceding 12 months:
- Identifiers, such as government-issued unique personal identifier and business address.
- Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)), such as place of employment or employment history.
- Commercial information, such as devices and supplies used by health care providers in the course of their provision of care.
- Professional or employment-related information.
CATEGORIES OF SOURCES
We collect limited personal information related to professional activities of health care providers residing in the state of California that come from a variety of sources, including health care organizations (e.g., physician practices, hospitals, clinics, and pharmacies), federal and state government organizations, payers, medical claims clearinghouses and other vendors.
USE AND DISCLOSURE FOR BUSINESS AND COMMERCIAL PURPOSES
We use and disclose each of the categories of personal information listed above for business or commercial purposes. These purposes include to operate, manage and maintain our business, to create, develop, provide and enhance our products and services, and to accomplish our business purposes and objectives. In the preceding 12 months, we have disclosed the categories of personal information listed above for business purposes to our service providers.
“SALES” AND “SHARING” OF PERSONAL INFORMATION OF HEALTH CARE PROVIDERS
Certain of Kyber Health Data LLC’s data products include limited personal information related to professional activities of health care providers who reside in California and, as a result, our provision of such data products to our customers may constitute a “sale” under the California Requirements. On this basis, in the preceding 12 months, we have “sold” and, subject to each such health care provider’s opt-out right described below, may in the future “sell” the following categories of personal information to customers of those Kyber data products: identifiers; personal information categories listed in the California Customer Records statute; commercial information; and professional or employment-related information. Kyber Health Data LLC’s customers are not permitted by contract to use our products to market products and services to you. We do not have actual knowledge that we sell the personal information of minors under 16 years of age.
We do not, and have not in the preceding 12 months, “shared” personal information about you with third parties for cross-context behavioral advertising.
Certain of Kyber Health Data LLC’s data products include, and we have collected in the preceding 12 months, information that is deidentified as follows:
- Deidentified patient information, deidentified pursuant to the Health Insurance Portability and Accountability Act (“HIPAA”) expert determination method.
- Information about professional activities of healthcare providers, deidentified according to the California Requirements.
With respect to information that is “deidentified” according to the California Requirements, we maintain and use such information in deidentified form and do not attempt to reidentify the information, except for the purpose of determining whether the deidentification processes satisfy the California Requirements.
RETENTION OF PERSONAL INFORMATION
We will retain your personal information for as long as necessary to fulfil the purposes for which we collected it (as described above), including for the purposes of satisfying any legal, tax, accounting, or reporting requirements. To determine the appropriate retention period, we consider the nature and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process the personal information and whether we can achieve those purposes through other means, and the applicable legal requirements. In some circumstances, we may anonymize or deidentify your personal information so that it can no longer be associated with you, in which case we may retain and use such data without further notice to you to the extent permitted by law.
RIGHT TO KNOW & ACCESS FOR HEALTH CARE PROVIDERS
You have the right to request that we disclose the following information to you with respect to the preceding 12 months or a longer period as applicable under the California Requirements:
- the categories of personal information collected about you;
- the categories of sources from which the personal information is collected;
- the purposes for collecting or disclosing personal information;
- the categories of third parties to which we disclose personal information for a business purpose;
- the categories of personal information we have “sold” and, if applicable, the categories of third parties to which we sold personal information; and
- the specific pieces of personal information we collected about you.
Correction Request Rights
You have the right to request that we correct inaccurate personal information we maintain about you, taking into account the nature of the personal information and purpose for which it is processed. Once we receive and confirm your verifiable request, we will use commercially reasonable efforts to correct the requested personal information within our records as required by the California Requirements.
DELETION REQUEST RIGHTS FOR HEALTH CARE PROVIDERS
You have the right to request that we delete the personal information we collected about you, subject to certain exceptions provided by the California Requirements. Once we receive and confirm your verifiable request, we will delete the requested personal information from our records, unless an exception provided by the California Requirements applies. For example, we may retain personal information as required or permitted by law, and may maintain a copy of your deletion request.
EXERCISING YOUR RIGHTS
To request to exercise the rights described above, please submit a verifiable consumer request to us by either calling us at 800-892-6818 or completing our request form. If you have any questions, please contact us using the information in the Contact Us section below.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. We may elect not to carry out your requests under the right to know or access more than twice within a 12-month period. The verifiable consumer request must provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative. Please describe your request with sufficient detail for us to properly understand, evaluate and respond to it.
OPT-OUT RIGHTS FOR PERSONAL INFORMATION SALES
You have the right to opt out of our future “sale” of your personal information. To do so, you may submit a request to us by:
- Visiting Do Not Sell or Share My Personal Information.
- Contacting us at 1-800-648-1158.
Please describe your request with sufficient detail for us to properly understand, evaluate and respond to it.
REQUESTS FROM AUTHORIZED AGENTS
If you would like an authorized agent to submit a request under the California Requirements on your behalf or if you are an authorized agent of a consumer and registered with the Secretary of State to conduct business in California, please follow the instructions for requests from authorized agents as explained on our request form.
RIGHT OF NON-DISCRIMINATION
You have the right not to receive discriminatory treatment by us for exercising any of your rights under the California Requirements.
REASONABLE ACCESS FOR HEALTH CARE PROVIDERS WITH DISABILITIES
Persons with disabilities may obtain this Notice in alternative format by using the accessibility features on www.cowen.com where this Notice is posted.
CHANGES TO THIS NOTICE
We reserve the right to amend this Notice at our discretion at any time. When we make changes to this Notice, we will post the updated Notice on the website and update the Effective Date.
If you have any questions about our privacy practices, please contact us at 1-800-648-1158.