Privacy Notice for California Residents
Effective Date: January 1, 2023
This Privacy Notice for California consumers supplements the information contained in Fullscript’s Privacy Statement and applies solely to all visitors, users, and others who reside in the State of California in compliance with California privacy laws (“consumers” or “you”). Any terms defined in the California Consumer Privacy Act of 2018 or California Privacy Law Act of 2020 (collectively referred to as “CCPA”) have the same meaning when used in this Privacy Notice.
This Policy also applies to workforce-related personal information collected from job applicants, contractors, and service providers. For specific information, see the Personnel and Job Applicant Notice section below.
Information We Collect
We collect information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household, or device (“personal information”). Personal information does not include:
- Publicly available information from government records;
- Deidentified or aggregated consumer information; and
- Information excluded from the CCPA’s scope, such as health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA).
In particular, as required by the CCPA, the following categories of personal information have been collected from consumers within the last twelve (12) months:
- Identifiers such as name, alias, address, phone number, email address, account name, or IP address;
- Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)), such as a signature, education, employment, or credit card number or other financial information;
- Commercial information, such as records of Products or Services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies;
- Internet or other similar network activity information, such as cookie data and information on a consumer’s interaction with the sites;
- Geolocation data, such as the approximate location of devices or computers accessing the sites;
- Professional information, such as data Health Professional Accounts may provide about business or professional qualifications;
- Non-public education information, such as education records directly related to Student Accounts maintained by an educational institution or party acting on its behalf
- Inference data, such as information about purchase preferences; and
Audio, electric, visual or similar information, such as phone calls and other communications with our customer service team
We obtain the categories of personal information listed above from the following categories of sources:
- Directly from you, for example, from forms you complete or products and services you purchase.
- Indirectly from you, for example, from actions, you take on our website or through our services you use, or information provided by Health Professionals on your behalf.
Use of Personal Information
We may use the personal information we collect for one or more of the following purposes:
- To fulfill or meet the reason you provided the information. For example, if you share your name and contact information in the set-up of an account or to ask a question about our products or services, we will use that personal information to respond to your inquiry. If you provide your personal information to purchase a product or service, we will use that information to process your payment and facilitate delivery. We may also save your information to facilitate subsequent product orders or process returns.
- To create, maintain, customize, and secure your account with us.
- To process your requests, purchases, transactions, and payments and prevent fraud.
- To provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses.
- To personalize your experience on the sites and to deliver content and product and service offerings relevant to your interests, third-party sites, and via email or text message.
- To help maintain the safety, security, and integrity of our sites and Services, databases and other technology assets, and business.
- To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
- As described to you when collecting your personal information or as otherwise set forth in the CCPA.
Sharing Personal Information
As describe more fully in the Privacy Statement, we provide information to service providers and restricted third parties in order to operate and improve the sites, provide requested services, and complete transactions. Our service providers and restricted third parties are prohibited from using the information we provide for any other purposes. In the preceding twelve (12) months, Company has disclosed the following categories of personal information for a business purpose: identifiers, such as name, alias, address, phone numbers, email address; account name, or IP address; California Customer Records personal information categories, such as name, address, or employment; commercial information, such as products or services purchased; internet or other similar network activity information; geolocation data, such as mailing address or zip code; and professional information, such as professional certification type.
We may also make certain categories of personal information available in order to receive certain benefits or services, such as when we make browsing information available to third party ad companies (through third party tags on our sites) in order to improve and measure our ad campaigns and reach users with more relevant ads and content. In the preceding twelve (12) months, the Company may have shared the following categories of personal information: identifiers; California Customer Records personal information categories; internet or other similar network activity information; and geolocation data.
Your Rights and Choices
The CCPA provides California consumers with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.
You have the right to opt out of the sale of your personal information. We do not sell your personal information.
You also have the right to opt out of the sharing of your personal information for cross-context behavior advertising. To the extent the cookies and other web trackers used by the sites may used for cross-context behavior advertising, you may opt out of such sharing. You do not need to create an account with us to exercise your opt-out rights. Our personal information sharing does not include information about individuals we know are under age 16.
You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you:
- The categories of personal information we collected about you.
- The categories of sources for the personal information we collected about you.
- Our business or commercial purpose for collecting or selling that personal information.
- The categories of third parties with whom we share that personal information.
- The specific pieces of personal information we collected about you (also called a data portability request).
- If we sold or disclosed your personal information for a business purpose, two separate lists disclosing:
- sales, identifying the personal information categories that each category of recipient purchased; and
- disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.
You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records unless an exception applies. We may deny your deletion request if retaining the information is necessary for us or our service providers to:
- Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, or otherwise perform our contract with you;
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities;
- Debug products to identify and repair errors that impair existing intended functionality;
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law;
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.);
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us;
- Comply with a legal obligation; and
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
You have the right to be free from discriminatory adverse treatment for exercising these rights. We will not discriminate against you for exercising any of your CCPA rights.
How to Submit CCPA Requests
To opt out of the sharing of your personal information for cross-context behavior advertising, you may decline advertising cookies through the banner on our sites. If you have any questions please contact us directly as described below.
To exercise the access, data portability, and deletion rights, please submit a verifiable consumer request to us by either:
- Calling us at 1-866-807-3828
- Sending us an email at email@example.com;
- Chatting with us once logged in to your account.
Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your personal information. You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative, which may include your first and last name, email address, mailing address, and account type (Health Professional, Student or Patient).
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
Response Timing and Format
We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to a total of 90 days), we will inform you of the reason and extension period in writing.
If you have an account with us, we will deliver our written response to your contact address on that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.
Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
Other California Privacy Rights
California’s “Shine the Light” law (Civil Code Section § 1798.83) permits users of our website that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email to firstname.lastname@example.org or write us at Privacy, 360 Albert Street, Suite 200, Ottawa, ON, Canada, K1R 7X7.
Changes to Our Privacy Notice
We reserve the right to amend this privacy notice at our discretion and at any time. When we make changes to this privacy notice, we will post the updated notice on the website and update the notice’s effective date. Your continued use of our website following the posting of changes constitutes your acceptance of such changes
If you have any questions or comments about this notice, the ways in which Fullscript collects and uses your information described here and in our Privacy Statement, your choices and rights regarding such use, or wish to exercise your rights under California law, please do not hesitate to contact us at:
Personnel and Job Applicant Notice
This Personnel and Job Applicant Notice (this “Notice”) applies to the personal information of job applicants, contactors and service providers in relation to Fullscript and its affiliates. Specifically, this Notice discloses the categories of personal information that we have collected about you during the past 12 months and the business purposes for which we use such information.
As a summary, Fullscript uses your personal information in connection with hiring/job application process, vetting and communicating with service providers and vendors, and financial accounting, and carrying out its business relationships with its service providers and vendors.
Categories of Personal Information Collected
- Identifiers, including name, email address, mailing address, IP address, phone number, social security number, online identifiers
- Protected classification information, including age, disability information, veteran or military status, race, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions or events), national origin, citizenship and sexual orientation
- Internet/electronic activity, including website interactions during application process, use of internal networks
- Professional/employment related information, including resumes/CVs, references, background checks
- Inferences drawn from personal information, including job application vetting
We may use these categories of personal information in carrying out our business purposes, including:
- Job application processing and communication
- Conduct onboarding
- Human resource administration, such as benefits, payroll, and other employment-related purposes
- Comply with federal and state equal employment opportunity laws
- Maintain and administer vendor and contractor relationships, contracts and payments
- Prevent unauthorized access to or use of Fullscript facilities and property, including information systems, electronic devices, network, and data
- Improve efficiency, logistics, and supply chain management
In addition to the business purposes set forth above, we may use these categories of personal information:
- To fulfill or meet the reason you provided the personal information;
- To comply with our health and safety obligations;
- To establish, exercise, or defend legal claims;
- To comply with applicable law, court orders, subpoenas, or governmental regulations;
- To respond to requests by public authorities, including for the purpose of meeting national security or law enforcement requirements;
- In the event of a merger, acquisition, disposition of all or substantially all of the relevant assets of the business, bankruptcy, or similar event (including due diligence related thereto);
- As described to you when collecting your personal information; or
- As otherwise authorized or required by applicable law.
Note that we retain job application information for unsuccessful applicants beyond consideration of the immediate position for which the application is submitted as a reference in case future positions become available and are of interest. Application information for successful applicants becomes part of the applicant’s employment file and is treated accordingly.
We do not sell or share any information regarding employment-related personal information to third parties for monetary or other valuable consideration.
If you have any questions, please contact Legal@fullscript.com