Information We Collect
Personal information collected from you on our Website will be used to carry out the actions you have requested or authorized. Additionally, we may use your personal information to provide you with information about our Services.
Our Website may collect certain information about your visit, such as the name of your Internet service provider and the Internet Protocol (IP) address through which you access the Internet; the browser you are using; the date and time you access our Website; the pages that you access while at our Website and the Internet address of the Website from which you linked directly to our Website. This information is used to help improve our Website, analyze trends, and administer our Website.
We provide the opportunity for individuals to “opt-out” of having their personal information (as collected from our Website) used for the purposes set forth above, and we provide the right to be “forgotten” (i.e., we will remove all of your personal information from our records). If you do not wish your personal information (as collected from our Website) to be stored on our systems, or provided to third parties, we will remove your information from these systems. Simply email firstname.lastname@example.org with the details of your request.
As part of our Services, we provide a web-based software service to our customers (primarily business entities) and their designated third party users (collectively, our “Users”) that utilizes information related to healthcare and lifestyle to offer users a personalized health and lifestyle benefits decision support experience. In providing the Services to our Users, we collect, store and process data that our Users and customers submit to us or instruct us to process. We use such information in order to provide the Services to our Users pursuant to the terms of the written agreement between us and our customer, and we do not use this information for any other purpose.
While our Users and customers decide what information to submit, it typically includes:
- Name, date of birth, information on family members, compensation
- Employment information, including information about the identity of your employer, the health plans that your employer offers to you, and the cost of each of those health plans to you
- Demographic information such as your city, state, country of residence, postal code, and age
- Medical insurance-related information such as medical insurance usage information, including insurance login information, how much you and your dependents spent on medical care, how you used your medical insurance and how much you paid for medical treatment or medication out of pocket
- Credit information, such as your consumer report
- Health and lifestyle information, such as medical conditions and activities
It is your right to withhold providing this information when requested (or you later ask to delete it). We will tell you what information you must provide to receive the Service by designating it as required at the time of collection or through other appropriate means.
The information collected may include personally identifiable information. When we provide our Services to our Users, in some instances we process personal information about third parties that is provided by our Users.
We use a limited number of third-party service providers to assist us in providing our Services to our Users. These service providers fall into one of the following categories:
- Hosting providers (Amazon Web Services)
- Providers of additional functionality for our Services (as set forth in the written agreement between us and our customer)
These third parties may access, collect, process, or store personal information in the course of providing their services. We will only provide personal information to these third parties for the purpose of providing our Services to our Users. We maintain contracts with each of these third parties restricting their access, use and disclosure of personal information.
We may create anonymous, aggregated or de-identified data from personal information you provide. We may make some personal information into anonymous, aggregated or de-identified data by removing information that makes the data personally identifiable to you. We may use this anonymous, aggregated or de identified data and share it with third parties for our lawful business purposes, including to analyze and improve the Service and promote our business. Where we have de-identified personal information, we will not attempt to re-identify it, and we will ensure that any third parties who receive such de-identified information are required to not re-identify it.
Cookies and Other Automated Means
We, our service providers, and our business partners may automatically log information about you, your computer or mobile device, and activity occurring on or through the Service. Cookies are small data files that are placed on your computer or mobile device when you visit a website. Cookies serve different purposes, like helping us understand how a site is being used, letting you navigate between pages efficiently, remembering your preferences and generally improving your browsing experience. Our Website and Service may use both session cookies (which expire once you close your web browser) and persistent cookies (which stay on your computer or mobile device until you delete them).
The information that may be collected automatically includes your computer or mobile device operating system type and version number, manufacturer and model, device identifier (such as the Google Advertising ID or Apple ID for Advertising), browser type, screen resolution, IP address, the website you visited before browsing to our website, general location information such as city, state or geographic area; and information about your use of and actions on the Service, such as pages or screens you viewed, how long you spent on a page or screen, navigation paths between pages or screens, information about your activity on a page or screen, access times, and length of access. Our service providers and business partners may collect this type of information over time and across third-party websites and mobile applications.
On our Website, this information is collected using cookies, browser web storage (also known as locally stored objects, or “LSOs”), Flash-based LSOs (also known as “Flash cookies”), web beacons, and similar technologies, and our emails may also contain web beacons. Most browsers let you remove or reject cookies. To do this, follow the instructions in your browser settings. Many browsers accept cookies by default until you change your settings. Please note that if you set your browser to disable cookies, the Website or Service may not work properly.
With Your Consent
In some cases we may specifically ask for your consent to collect, use or share your personal information, such as when required by law.
How We Use Your Personal Information
- To understand your needs and interests in our products and services
- Respond to your requests, questions and feedback
- To send you marketing and promotional communications as permitted by law. You will have the ability to opt-out of our marketing and promotional communications as described in the “Your Rights” section below.
- Provide, operate and improve the Service
- Establish and maintain your user profile on the Service
- Manage the security features of the Service
- Understand your needs and interests, and personalize your experience with the Service
- Provide support and maintenance for the Service
- Utilization to analyze and improve the service
To Comply With the Law
We use your personal information as we believe necessary or appropriate to comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities.
Disclosure Required by Law
In certain situations, we may be required to disclose personal information in response to lawful requests by public authorities, including to meet government authority or law enforcement requirements.
We reserve the right to disclose personal information as required by law and when we believe that disclosure is necessary to protect our legal rights and/or to comply with a judicial proceeding, court order, or legal process.
Access to Personal Information
Nayya Website and Services
We acknowledge the right of individuals to access their personal information as collected through our Website and/or Services. Individuals wishing to review, edit, supplement or delete their personal information as collected may do so by contacting us at email@example.com. We will promptly respond to any such request.
The security of your personal information is important to us. We employ a number of organizational, technical and physical safeguards designed to protect the personal information we collect. However, security risk is inherent in all internet and information technologies and we cannot guarantee the security of your personal information.
How We Manage Your Personal Information
Personal Information Collection
Your personal information is collected on a one-time basis or as necessary for the third parties to perform the Service.
Personal Information Transfers
Your information is stored in the United States. If it is necessary to transfer your information, we will ensure that your personal information is protected by appropriate safeguards as required by applicable data protection laws.
Personal Information Retention
We retain your information in line with our Data Management Policy. This enables us to comply with legal and regulatory requirements or use it where we need to for our legitimate purposes such as managing your account and dealing with any disputes or concerns that may arise. We may need to retain your information for a longer period where we need the information to comply with regulatory or legal requirements (e.g. HIPAA) or where we may need it for our legitimate purposes e.g. to help us respond to queries or complaints, fighting fraud and financial crime, responding to requests from regulators, etc. If we don’t need to retain information for this period of time, we may destroy, delete or anonymize it more promptly. This includes user account information affiliated with our Service.
There may be occasions where we are unable to fully delete, anonymize, or de identify your information due to technical, legal, regulatory compliance or other operational reasons. Where this is the case, we will take reasonable measures to securely isolate your personal information from any further processing until such time as we are able to delete, anonymize, or de-identify it.
Individuals located in certain countries have certain statutory rights in relation to their personal information. Subject to any exemptions provided by law, you may have the right to request access to information, as well as to seek to update, delete or correct this information. If you are a Nayya user, you can exercise this right by contacting us at firstname.lastname@example.org.
We only collect, use, and process personal information where we have lawful grounds to do so, which may include, without limitation: (i) in order to provide the requested Services, (ii) in connection with our legitimate interests, (iii) in connection with our fulfillment of legal obligations, or (iv) as otherwise consented to by you. For the avoidance of doubt, we may process personal data for direct marketing purposes as set forth above and you have a right to object to our use of your personal data for this purpose at any time.
Some of the business partners that collect information about users’ activities on or through the Service may be members of organizations or programs that provide choices to individuals regarding the use of their browsing behavior or mobile application usage for purposes of targeted advertising. Users may opt out of receiving targeted advertising on websites through members of the Network Advertising Initiative by clicking here or the Digital Advertising Alliance by clicking here. European users may opt out of receiving targeted advertising on websites through members of the European Interactive Digital Advertising Alliance by clicking here, selecting the user’s country, and then clicking “Choices” (or similarly titled link). Please note that we also may work with companies that offer their own opt-out mechanisms and may not participate in the opt-out mechanisms that we linked above.
Other Sites, Mobile Applications and Services
The Service may contain links to other websites, mobile applications, and other online services operated by third parties. These links are not an endorsement of, or representation that we are affiliated with, any third party. In addition, our content may be included on web pages or in mobile applications or online services that are not associated with us. We do not control third party websites, mobile applications or online services, and we are not responsible for their actions. Other websites and services follow different rules regarding the collection, use and sharing of your personal information. We encourage you to read the privacy policies of the other websites and mobile applications and online services you use.
As a general rule, children are not allowed to use the Service and neither our Website nor our Services are directed to children. We define “children” as anyone under 13 years of age. Any personal information of a child we collect has been provided directly by a parent or guardian through use of the Services. If we learn that we have collected personal information of a child without the consent of the child’s parent or guardian, we will delete it. We encourage parents with concerns to contact us.
How to Contact Us
Please direct any questions or comments about this Policy or privacy practices to email@example.com.
PRIVACY RIGHTS ADDENDUM
Depending on your state of residence, you may have the rights listed below with respect to the information we collect from you. However, these rights are not absolute, and in certain cases we may decline your request as permitted by law.Personal Information We Collect, Disclose for a Business Purpose
We collect the following categories of Personal Information.
|Examples (not a comprehensive list)
|Service Collected (Yes/No)
|Real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, driver’s license number, passport number or similar identifiers
|Personal Information Categories under Cal. Civ. Code Sec. 1798.80
|Name, signature, social security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information
|Protected classifications under CA or federal law
|Age, race, sexual orientation, military status, citizenship, religion or creed, marital status
|Records of personal property, products or services purchased, obtained or considered, or other purchasing or consuming histories
|Physiological, biological or behavioral characteristics, activities, such as imagery of the iris, retina, or fingerprints, from which an identifier template such as a faceprint or voiceprint can be extracted
|Internet or other electronic network activity information
|Browsing history, search history, and information regarding interaction with an internet website application or advertisement
|Audio, electronic, thermal, visual, olfactory, or other similar information
|Non-Public Education information
|Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records
|Inferences drawn from any of the information identified in this chart to create a profile of a person relating to that person’s preferences, characteristics, behavior, abilities etc
|Sensitive Personal Information
|Personal Information that reveals an individual’s Social Security, driver’s license, state identification card, or passport number; account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account; precise geolocation information; racial or ethnic origin; the contents of mail, email, and text messages unless we are the intended recipient of the communication; personal information collected and analyzed concerning an individual’s health; biometric information used for the purpose of uniquely identifying an individual; personal information collected and analyzed concerning a consumer’s sex life or sexual orientation
You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. We will disclose to you:
- The categories of Personal Information we collect about you.
- The categories of sources for the Personal Information we collect about you.
- Our business or commercial purpose for collecting or selling that Personal Information.
- The categories of third parties with whom we share that Personal Information.
- The specific pieces of Personal Information we collect about you and the right to obtain and reuse this information (also called a data portability request).
- If we sell or disclose your Personal Information for a business purposes, two separate lists disclosing (1) which disclosures are done for a business purposes, identifying the Personal Information categories that each recipient obtained; and (2) which disclosures are done for sales, if applicable, identifying the Personal Information categories that each category of recipient purchased.
- Complete the transaction for which the Personal Information was collected
- Detect security incidents and product against any malicious, fraudulent activity
- Debug and/or repair errors
- Exercise free speech, ensure the right of another consumer to exercise that right of free speech, or exercise another right provided by law
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code §1546) or any such similar law or regulation
- Engage in a public or peer-reviewed scientific, historical or statistical research that complies with all applicable ethics and privacy laws
- Comply with a legal obligation.
You are entitled to exercise your rights and be free from retaliation. This means that we will not:
- Deny you goods or services
- Charge different prices for goods or services for exercising your rights (whether through denying benefits or imposing penalties)
- Provide you with a different level of quality of goods or services
- Threaten you with any of the above
You have the right to request a correction of any inaccurate Personal Information we have about you, and we shall use commercially reasonable efforts to make such corrections after we receive a verifiable consumer request.Right to Limit Sensitive Personal Information.
You have the right to limit our use of your sensitive Personal Information only to what is necessary to perform the services or to fulfill the reason that we collected such information and/or other permissible business purposes.Opt-Out Rights
We do not sell your Personal Information in the conventional sense (i.e., for money). However, like many companies, we use services that help deliver interest-based ads to you. California law may classify our use of these services as a “sale” of your Personal Information to the companies that provide the services. This is because we allow them to collect information from our website users (e.g., online identifiers and browsing activity) so they can help serve ads more likely to interest you. You can submit an [Opt-out Request](https://support.nayya.com/hc/en us/requests/new) to opt-out of this “sale” of your personal information by one of the means specified below.
If you direct us not to sell your Personal Information, we will consider it a request pursuant to California’s “Shine the Light” law to stop sharing your personal information covered by that law with third parties for their direct marketing purposes.
If we know that you are younger than 16 years old, we will ask for your permission (or if you are younger than 13 years old, your parent’s or guardian’s permission) to sell your Personal Information before we do so.Third Party Disclosures.
We engage in certain trusted third parties to perform functions and provide services to us, including auditing, hosting and maintenance, helping to ensure security, debugging, database storage and management, and direct marketing campaigns. We may share your Personal Information with these third parties, but only to the extent necessary to perform these functions and provide such services. We also require these third parties to maintain the privacy and security of the Personal Information they process on our behalf.How to Exercise Your Consumer Rights
To exercise your right to access, data portability, correction and/or deletion rights described above, please submit a verifiable consumer request to us by either:
- Emailing us at firstname.lastname@example.org; or
- Visiting us at www.nayya.com/contact-us/contact-us; or
- Chat via app.nayya.com
Only you, or if you are a California resident, a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your child.
You may only make a verifiable consumer request for access or data portability twice within a 12-month period. For data portability requests, we will select a format to provide your personal information that is readily usable and should allow you to transmit the information from one entity to another without hindrance. The verifiable consumer request must:
- Provide sufficient information that allows us to verify you are the person about whom we collected personal information or an authorized representative
- Describe your request with sufficient details that allows us to properly understand, evaluate, and respond to it
Making a verifiable consumer request does not require you to create an account with us. However, we do consider requests made through your password protected account sufficiently verified when the request relates to personal information associated with that specific account. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
We endeavor to respond to all verified requests within 45 days of receipt of the verified request, although this time may be extended as permitted by law. Depending on your state of residence, you may have the right to appeal our response to a verifiable consumer request by submitting a written request to us by mailing us at email@example.com.
We will respond to your appeal within 45 days of receipt, although this time may be extended as permitted by applicable law. Upon receipt of our appeal decision, depending on your state of residence, you may submit a complaint to the Attorney General’s office.