Privacy Policy

Last Updated Date: April 5, 2023

Overview

Nayya Health, Inc. (together with its subsidiaries, if any, “Nayya,” “we,” “our,” or “us”) respects your privacy and is committed to protecting it through our compliance with this Privacy Policy. This Privacy Policy describes (1) the types of personal information we may collect from you or that you may provide when you visit our website located at www.nayya.com and (2) our practices for collecting, using, protecting and disclosing that information. This Privacy Policy also describes how we collect and use data in connection with our software-as-a-service offering and related professional services that we provide pursuant to written agreements with our customers (herein referred to as the “Services”).

Information We Collect

Nayya Website

Personal information collected from you on our Website will be used to carry out the actions you have requested or authorized. Additionally, we may use your personal information to provide you with information about our Services.

Our Website may collect certain information about your visit, such as the name of your Internet service provider and the Internet Protocol (IP) address through which you access the Internet; the browser you are using; the date and time you access our Website; the pages that you access while at our Website and the Internet address of the Website from which you linked directly to our Website. This information is used to help improve our Website, analyze trends, and administer our Website.

From time to time we may receive personal information about you from third-party sources. For example, a business partner may share your contact information with us if you have expressed interest in learning specifically about our products or services, or the types of products or services we offer. We may obtain your personal information from other third parties, such as marketing partners, publicly-available sources and data providers. We may maintain pages for our Company on social media platforms, such as Facebook, LinkedIn, Twitter, Google, YouTube, Instagram, and other third party platforms. When you visit or interact with our pages on those platforms, the platform provider’s privacy policy will apply to your interactions and their collection, use and processing of your personal information. You or the platforms may provide us with information through the platform, and we will treat such information in accordance with this Privacy Policy.

We provide the opportunity for individuals to “opt-out” of having their personal information (as collected from our Website) used for the purposes set forth above, and we provide the right to be “forgotten” (i.e., we will remove all of your personal information from our records). If you do not wish your personal information (as collected from our Website) to be stored on our systems, or provided to third parties, we will remove your information from these systems. Simply email legal@nayya.com with the details of your request.

Nayya Services

As part of our Services, we provide a web-based software service to our customers (primarily business entities) and their designated third party users (collectively, our “Users”) that utilizes information related to healthcare and lifestyle to offer users a personalized health and lifestyle benefits decision support experience. In providing the Services to our Users, we store and process data that our Users submit to us or instruct us to process. We use such information in order to provide the Services to our Users pursuant to the terms of the written agreement between us and our customer, and we do not use this information for any other purpose.

While our Users decide what data to submit, it typically includes:

  • Employment information, including information about the identity of your employer, the health plans that your employer offers to you, and the cost of each of those health plans to you
  • Demographic information such as your city, state, country of residence, postal code, and age
  • Medical insurance-related information such as medical insurance usage information, including insurance login information, how much you and your dependents spent on medical care, how you used your medical insurance and how much you paid for medical treatment or medication out of pocket.
  • Credit information, such as your consumer report

It is your right to withhold providing this information when requested (or you later ask to delete it). We will tell you what information you must provide to receive the Service by designating it as required at the time of collection or through other appropriate means.

The information collected may include personally identifiable information. When we provide our Services to our Users, in some instances we process personal information about third parties that is provided by our Users.

We use a limited number of third-party service providers to assist us in providing our Services to our Users. These service providers fall into one of the following categories:

  • Hosting providers (Amazon Web Services)
  • Providers of additional functionality for our Services (as set forth in the written agreement between us and our customer)

These third parties may access, process, or store personal data in the course of providing their services. We will only provide personal information to these third parties for the purpose of providing our Services to our Users. We maintain contracts with each of these third parties restricting their access, use and disclosure of personal data.

We may create anonymous, aggregated or de-identified data from your personal information and other individuals whose personal information we collect. We make personal information into anonymous, aggregated or de-identified data by removing information that makes the data personally identifiable to you. We may use this anonymous, aggregated or de-identified data and share it with third parties for our lawful business purposes, including to analyze and improve the Service and promote our business.

Cookies and Other Automated Means

We, our service providers, and our business partners may automatically log information about you, your computer or mobile device, and activity occurring on or through the Service. Cookies are small data files that are placed on your computer or mobile device when you visit a website. Cookies serve different purposes, like helping us understand how a site is being used, letting you navigate between pages efficiently, remembering your preferences and generally improving your browsing experience. Our Website and Service may use both session cookies (which expire once you close your web browser) and persistent cookies (which stay on your computer or mobile device until you delete them).

The information that may be collected automatically includes your computer or mobile device operating system type and version number, manufacturer and model, device identifier (such as the Google Advertising ID or Apple ID for Advertising), browser type, screen resolution, IP address, the website you visited before browsing to our website, general location information such as city, state or geographic area; and information about your use of and actions on the Service, such as pages or screens you viewed, how long you spent on a page or screen, navigation paths between pages or screens, information about your activity on a page or screen, access times, and length of access. Our service providers and business partners may collect this type of information over time and across third-party websites and mobile applications.

On our webpages, this information is collected using cookies, browser web storage (also known as locally stored objects, or “LSOs”), Flash-based LSOs (also known as “Flash cookies”), web beacons, and similar technologies, and our emails may also contain web beacons.

In some cases we may specifically ask for your consent to collect, use or share your personal information, such as when required by law.

How We Use Your Personal Information

We use your personal information for the following purposes and as otherwise described in this Privacy Policy or at the time of collection:

Nayya Website

  • To understand your needs and interests in our products and services
  • Respond to your requests, questions and feedback
  • To send you marketing and promotional communications as permitted by law. You will have the ability to opt-out of our marketing and promotional communications as described in the “Your Rights” section below.

Nayya Service

  • Provide, operate and improve the Service
  • Establish and maintain your user profile on the Service
  • Manage the security features of the Service
  • Understand your needs and interests, and personalize your experience with the Service
  • Provide support and maintenance for the Service
  • Utilization to analyze and improve the service

To Comply With the Law

We use your personal information as we believe necessary or appropriate to comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities.

Disclosure Required by Law

In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet government authority or law enforcement requirements. We reserve the right to disclose personal information as required by law and when we believe that disclosure is necessary to protect our legal rights and/or to comply with a judicial proceeding, court order, or legal process.

Access to Personal Information

Nayya Website

We acknowledge the right of individuals to access their personal data as collected through our Website. Individuals wishing to review, edit, supplement or delete their personal data as collected through our Website may do so by contacting us at legal@nayya.com. We will promptly respond to any such request.

Nayya Services

Individuals wishing to review, edit, supplement or delete their personal data as provided to us by our Users for use with our Services should contact the applicable User that provided this data to us. Alternatively, such an individual can contact us at legal@nayya.com and we will work with our User to respond to the request. However, note that we are contractually bound to our customers to maintain the confidentiality and integrity of the personal information that we store as part of our Services, and any such request from an individual that is not our customer would need to be approved by our customer except as otherwise required by law.

Security Practices

The security of your personal information is important to us. We employ a number of organizational, technical and physical safeguards designed to protect the personal information we collect. However, security risk is inherent in all internet and information technologies and we cannot guarantee the security of your personal information.

How We Manage Your Personal Information

Personal Data Collection

Your personal data is collected on a one-time basis or as necessary for the third parties to perform the Service.

Personal Data Transfers

Your data is stored in the United States. If it is necessary to transfer your data, we will ensure that your personal information is protected by appropriate safeguards as required by applicable data protection laws.

Personal Data Retention

We retain your information in line with our Data Management Policy. This enables us to comply with legal and regulatory requirements or use it where we need to for our legitimate purposes such as managing your account and dealing with any disputes or concerns that may arise. We may need to retain your information for a longer period where we need the information to comply with regulatory or legal requirements (e.g. HIPAA) or where we may need it for our legitimate purposes e.g. to help us respond to queries or complaints, fighting fraud and financial crime, responding to requests from regulators, etc. If we don’t need to retain information for this period of time, we may destroy, delete or anonymise it more promptly. This includes user account information affiliated with our Service.

There may be occasions where we are unable to fully delete, anonymize, or de-identify your information due to technical, legal, regulatory compliance or other operational reasons. Where this is the case, we will take reasonable measures to securely isolate your personal information from any further processing until such time as we are able to delete, anonymize, or de-identify it.

Your Rights

Individuals located in certain countries have certain statutory rights in relation to their personal data. Subject to any exemptions provided by law, you may have the right to request access to information, as well as to seek to update, delete or correct this information. If you are a Nayya user, you can exercise this right by contacting us at legal@nayya.com.

To the extent that our processing of your personal data is subject to the the California Privacy Act, we only collect, use, and process personal data where we have lawful grounds to do so, which may include, without limitation: (i) in order to provide the requested Services, (ii) in connection with our legitimate interests, (iii) in connection with our fulfillment of legal obligations, or (iv) as otherwise consented to by you. For the avoidance of doubt, we may process personal data for direct marketing purposes as set forth above and you have a right to object to our use of your personal data for this purpose at any time.

Most browsers let you remove or reject cookies. To do this, follow the instructions in your browser settings. Many browsers accept cookies by default until you change your settings. Please note that if you set your browser to disable cookies, the Website or Service may not work properly.

Some of the business partners that collect information about users’ activities on or through the Service may be members of organizations or programs that provide choices to individuals regarding the use of their browsing behavior or mobile application usage for purposes of targeted advertising. Users may opt out of receiving targeted advertising on websites through members of the Network Advertising Initiative by clicking here or the Digital Advertising Alliance by clicking here. European users may opt out of receiving targeted advertising on websites through members of the European Interactive Digital Advertising Alliance by clicking here, selecting the user’s country, and then clicking “Choices” (or similarly titled link). Please note that we also may work with companies that offer their own opt-out mechanisms and may not participate in the opt-out mechanisms that we linked above.

Other Sites, Mobile Applications and Services

The Service may contain links to other websites, mobile applications, and other online services operated by third parties. These links are not an endorsement of, or representation that we are affiliated with, any third party. In addition, our content may be included on web pages or in mobile applications or online services that are not associated with us. We do not control third party websites, mobile applications or online services, and we are not responsible for their actions. Other websites and services follow different rules regarding the collection, use and sharing of your personal information. We encourage you to read the privacy policies of the other websites and mobile applications and online services you use.

Children

As a general rule, children are not allowed to use the Service and neither our website nor our Services are directed to children. We define “children” as anyone under 13 years of age. Any personal information of a child we collect has been provided directly by a parent or guardian through use of the Services. If we learn that we have collected personal information of a child without the consent of the child’s parent or guardian, we will delete it. We encourage parents with concerns to contact us.

Changes to this Privacy Policy

We reserve the right to modify this Privacy Policy at any time. If we make material changes to this Privacy Policy, we will notify you by updating the date of this Privacy Policy and posting it on the Service. We may, and if required by law, will also provide notification of changes in another way that we believe is reasonably likely to reach you, such as via e-mail (if you have an account where we have your contact information) or another manner through the Service.

Any modifications to this Privacy Policy will be effective upon our posting the new terms and/or upon implementation of the new changes on the Service (or as otherwise indicated at the time of posting). In all cases, your continued use of the Service after the posting of any modified Privacy Policy indicates your acceptance of the terms of the modified Privacy Policy.

How to Contact Us

Please direct any questions or comments about this Policy or privacy practices to legal@nayya.com.

CALIFORNIA PRIVACY RIGHTS POLICY