Last Updated: 04/08/2020

This California Consumer Privacy Statement (“Statement”) is part of the Symphony Health Privacy Notice. It applies only to California residents who have a legal right to this Statement and their personal information that we collect online and offline, that we use, and that we sell. This Statement does not apply to our employees, job applicants, independent contractors, vendors, or business partners, and may not apply to the employees or independent contractors of our clients. This Statement uses certain words that are defined by California Consumer Privacy Act of 2018 and the regulations that implement it (called the “CCPA”).

This Statement is our privacy policy, and we are providing you with notice of the personal information that we may have collected, used, and/or sold in the past twelve months and may continue to collect, use, and/or sell. It also is notice of your rights under the CCPA. This notices does not apply to your health information that is protected by other laws, to information collected as part of a clinical trial that is protected by other laws, or to information that is publicly available from federal, state, or local government records.

We also share with you that there may be laws that require or permit us to collect, use, and/or sell personal information for uses beyond what is in this notice.

1. Notice of Collection and Use of Personal Information
We may have collected and will continue to collect the following categories of personal information about you:

  • Identifiers: meaning personal identifiers such as a real name, postal address, telephone number, email address, and unique personal identifier (such as a device identifier; cookies, beacons, pixel tags, mobile ad identifiers and similar technology, and other forms of persistent or probabilistic identifiers), online identifier, internet protocol address, and other similar identifiers
  • Protected Characteristics: characteristics of classifications of individuals that are protected by California or US federal laws, including things like age, sex, and veteran and military status
  • Online Activity: meaning internet and other electronic network activity information. Examples are your browsing history, search history, and information regarding your interaction with websites, applications, or advertisements
  • Sensory Information: meaning audio, electronic, and similar information
  • Educational, Professional and Employment-related Information
  • Inferences: inferences drawn from any of the information we collected to create a profile about you reflecting your preferences, characteristics, predispositions, behavior, and attitudes

We may have used and may continue to use your personal information for the purposes described in our Symphony Health Privacy Notice and for the following business purposes:

  • performing services, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing advertising or marketing services, providing analytics services, or providing other similar services;
  • auditing related to your current interaction with us and related transactions, including for example counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance;
  • short-term, temporary use, including for example the contextual customization of ads shown as part of a current interaction with you;
  • detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity;
  • debugging to identify and repair errors that impair existing intended functionality;
  • undertaking internal research for technological development and demonstration; and
  • undertaking activities to verify or maintain the quality or safety of our services or devices and to improve, upgrade, or enhance our services or devices.

2. Sources of Personal Information

During the past twelve months, we may have obtained personal information about you from the following categories of sources:

  • directly from you, such as when you provide us your contact information;
  • from your devices, such as when you visit our website;
  • companies that are our affiliates and subsidiaries;
  • vendors who provide services to us or for us;
  • online advertising services and advertising networks;
  • our business partners;
  • government entities;
  • public domain sources; and
  • social networks.

3. Sale of Personal Information

This section applies to physicians:

If you are a physician, we may collect your personal information from one of several sources or business partners. One of these business partners is the American Medical Association (AMA). Symphony follows the contract requirements regarding the use of your personal information that we receive from the AMA. You can tell the AMA if you do not want your personal information to be released. When you tell the AMA to restrict the use of your personal information, and AMA gives this direction to Symphony, Symphony complies with the AMA’s direction. You can find the AMA’s privacy notice on its website, which is https://www.ama-assn.org/.

We may sell certain categories of your personal information to our clients in connection with our products and services. During the past twelve months, we may have sold the following categories of personal information about you to our clients:

  • Identifiers including your name, postal address, telephone number, email address, and other similar identifiers
  • Protected Characteristics
  • Educational, Professional and Employment-related Information
  • Inferences

You have the right to opt out of such sale of your information. See Section 6 below.

4. Third Party Information Collection About Users of Our Website, Applications or Other Digital Services

We do not rent or sell personal information about users of our website, applications or other digital services to anyone for monetary compensation. However, we may allow certain third parties (e.g., online advertising services and social networks) to gather personal information about you through automated technologies. These third parties use “cookies” and similar identifiers to gather this personal information. When you first visit our website, you are presented with a choice about whether or not you wish to permit the use of those cookies. If you would prefer not to permit these third-party cookies, you can decline to accept them. If you accept these cookies and later decide you no longer wish to permit them, you can either use the settings in your browser to clear all cookies, or you can click HERE to change your preferences for our site. Our website and our Services are not designed to collect information from individuals under the age of 16, and we do not have actual knowledge that we sell personal information of minors under 16 years of age.

5. Sharing of Personal Information

During the past twelve months, we may have shared all categories of your personal information with our affiliates and subsidiaries, our vendors who provide services on our behalf, and professionals who provide us with services such as legal and auditing services.

During the past twelve months, we may have also shared the following:

To our clients: identifiers, educational, professional, and employment information, protected characteristics, online activity, and inferences.

To online advertising services and advertising networks and data analytics providers: identifiers, online activity, and inferences.

To internet service providers: identifiers, online activity, and sensory information.

To operating systems and platforms: identifiers and online activity.

To social networks: identifiers, employment information, protected characteristics, online activity, sensory information, and inferences.

In addition to the categories of third parties identified above, we also may have shared personal information about you with government entities.

1. California Consumer Privacy Rights

You have certain choices regarding your personal information.

Request to know: You may have the right to request to know the personal information we have collected, used, disclosed, and sold: the categories of your personal information that we collected during the prior twelve months as well as the categories of your personal information that we sold or disclosed for a business purpose to a third party during the prior twelve months, the categories of the sources of the personal information that we collected, the business or commercial purpose for collecting or selling your personal information, and the category of third parties to whom we disclosed or sold your personal information. You may exercise this right twice a year.

Deletion: You may have the right to request that we delete certain personal information we have collected from you.

Opt-Out of Sale: You may have the right to opt-out of the sale of your personal information where applicable.

How to Submit a Request. To submit an access or deletion request or opt out of the sale of your personal information, click here or call us at +1 877.202.0559. To the extent permitted by applicable law, we may charge a reasonable fee to comply with your request.

Verifying Requests. To help protect your privacy and maintain security, we will take steps to verify your identity before granting you access to personal information or complying with your request to delete or opt out. If we cannot verify your identity based on the information you provide, we will let you know that we cannot fulfill your request and we reserve the right to do so. For example, if you do not have an email address or other direct contact information on file with us, then there may be no reasonable method for us to verify your identity.

We will typically require you to provide at least two or three pieces of information that may be used for verification. Information needed to verify identity may vary depending upon your relationship with us. If other measures or more information is required, such as the provision of one or more forms of valid government identification, we will contact you and request additional verification.

You may authorize an agent to make a request on your behalf. Any agent making a request on your behalf must indicate that they are acting as your agent or representative and provide the name, email address and description of the agent’s relationship with the individual, and a certification that the agent has permission to submit the request on the individual’s behalf. We may require proof of the agent’s authorization, including the written permission of the individual the agent represents, and/or a valid Power of Attorney.

Symphony Health reserves the right not to respond to requests generated through third-party applications or automated processes without direct validation of the requests by data subjects using the resources provided by Symphony Health for the exercise of these rights.

Please note that if we maintain your personal information on behalf of a third party, we may need to refer you to that third party to respond to your request.

Additional Information. If you exercise certain rights, please understand that you may be unable to use or access certain features of our services. If you choose to exercise any of your rights under the CCPA, we will not discriminate against you. For questions or concerns about our policies and practices, please click “Ask a question or share a concern about our privacy policies and practices” in our online CCPA portal, and provide details in the provided form.

Download CCPA Policy here.