Privacy Notice for California Residents

Last Updated and Effective: April 2, 2024

This US State Privacy Notice supplements the information contained in Fullscript’s Privacy Statement and applies solely to residents in the United States (“you” or “your”). This Notice applies to the personal information we obtain in various contexts, both online and offline, including when you visit our website or any other application, features, or services that link to this Privacy Notice; interact or communicate with us; purchase or use our Services; interact with our marketing materials; or participate in any of our programs or events. This Notice also applies to workforce-related personal information collected from job applicants, contractors, and service providers residing in California. For the specific disclosures regarding workforce-related personal information, see the Personnel and Job Applicant Notice section below. Please also see our Consumer Health Data Privacy Notice for disclosures related to health data privacy laws. Any terms defined in our Privacy Statement or Terms of Service have the same meaning when used in this Privacy Notice.

Please note that the rules implementing some of the state privacy laws have not yet been finalized. We are continuously working to better comply with these laws, and we will update our processes, disclosures, and this notice as these implementing rules are finalized.

As discussed in our Privacy Statement, we do not “sell” any personal information as defined under US state privacy law. We commit to maintaining and using de-identified data without attempting to re-identify it.

Collection of Personal Information

You may provide us with personal information in several ways, including, for example when you:

• Visit our website or use our Services;
• Register or create an account;
• Correspond with us in any way, including through questionnaires, and surveys;
• Sign up to receive our newsletters or promotional information;
• Ask for customer service, support or other assistance; or
• Interact with us in any other way, online or offline, including through our Services.

We may collect the following, limited types of personal information from you depending upon the device you are using and how you interact with us or use or interact with our Services, such as your:

• Identifiers: name, alias, address, phone number, email address, social security number, account name, and IP address;
• Protected information: age and sex;
• Commercial information: records of Products or Services purchased, obtained, or considered, including purchasing or consuming history and tendencies;
• Biometric information: physiological, biological, or behavioral characteristics.
• Internet or other similar network activity information: search history and information on interactions with our website, application, or advertisement;
• Geolocation data: approximate location based on relevant IP address;
• Audio and visual information: phone calls and other communications with our customer service team, as well as photos or videos uploaded by;
• Professional information: business or professional qualifications, as well as National Provider Identification numbers;
• Education information: education-related information provided by you and directly related to Practitioner and Student Accounts that is maintained by an educational institution or party acting on its behalf;
• Sensitive personal information: account log-in information (if you make an account with us), information concerning your health, or information concerning your sex life (such as your purchases of sexual health products using our Services); and
• Inferences: inferences drawn or created based on any information identified above.

We obtain the personal information listed above from the following categories of sources:

• Directly from you, for example, from forms you complete or products and services you purchase.
• Indirectly from you, for example, from actions, you take on our website or through our services you use, or information provided by you Practitioner on your behalf.
• From our subsidiaries and affiliates.
• From government entities.

Use of Personal Information

We primarily use the personal information we collect to provide, maintain, and improve our Services, but we may also use personal information to do any or all of the following: 

• To fulfill or meet the reason you provided the information. For example, if you share your name and contact information to set-up of an account or to ask a question about our Products or Services, we will use that personal information to respond to your inquiry. If you provide your personal information to purchase a Product or Service, we will use that information to process your payment and facilitate delivery. We may also save your information to facilitate subsequent Product orders or process returns. 
• To create, maintain, customize, and secure your account with us.
• To process your requests, purchases, transactions, and payments and prevent fraud.
• To provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses.
• To personalize your experience on the sites and to send educational content, service information, promotional and other communications relevant to your interests via email or text message.
• To help maintain the safety, security, and integrity of our business, including our website and Services, databases, and other technology assets.
• To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
• For any other purpose with your consent.

Sharing Personal Information

We primarily share personal information with our affiliates, service providers, and restricted third parties in order to help us with the uses described above, including to operate and improve our Services, provide the requested Products and Services, and complete transactions. We have disclosed the following categories of personal information as identified in the table below. The business purpose for such disclosures are listed in the section above.

We may also make certain categories of personal information available in order to receive certain benefits or services, such disclosures may be considered “sharing” as defined under California privacy law. We may have “shared” the following categories of personal information, as identified in the table below. The business or commercial purpose for sharing is to deliver personalized advertising based on your interests. For example, when we make browsing information available to third party ad companies (through third party tags on our website) in order to improve and measure our ad campaigns and reach users with more relevant ads and content.

Retention of Personal Information

We retain personal information for as long as necessary for the purpose for which it was initially collected, including the purposes identified above.

Your Rights and Choices

In accordance with applicable law, you may exercise certain choices and rights in connection with our products, services, and features as described in this section. Some of the rights may vary depending on your state of residence. To submit a privacy request, please see the instructions provided below.

Right to Opt-out of Profiling, Targeted Advertising, and Sharing. You have the right to opt out of profiling, targeted advertising, and sharing of your personal information for cross-context behavioral advertising. In addition to the methods described below, you may opt out of targeted advertising and the sharing of your personal information for cross-context behavioral advertising by declining advertising cookies through the banner on our website. Importantly, we do not ever use sensitive personal information for targeted advertising or cross-context behavioral advertising purposes. Our personal information sharing does not include information about individuals we know are under age of 18.

Right to Know. You have the right to request we disclose the following information:

• The categories of personal information we collected about you.
• The categories of sources for the personal information we collected about you.
• Our business or commercial purpose for collecting or sharing that personal information.
• The categories of third parties with whom we share personal information.
• The specific pieces of personal information we collected about you.
• The categories of personal information disclosed for a business purpose, and for each category identified, the categories of third parties to whom we disclosed it.

The information requested will be provided in a portable, transferable, and usable format, such as PDF.

Right to Delete. You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your request, we will delete (and direct our service providers to delete) your personal information from our records unless an exception applies. We may deny your deletion request if an exception applies, such as if the information is necessary to complete the transaction for which the information was collected, detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, identify and repair errors and for various other reasons available under applicable law.

Right to Correct. You have the right to request that we correct inaccurate personal information that we maintain, subject to relevant exceptions. You can always review and edit your personal information by logging into your Fullscript account.

Right of Non-Discrimination. We will not discriminate against you in any way if you choose to exercise your rights under applicable law. 

How to Submit Requests

You can submit a request to us by either: 

• Calling us at 1-866-807-3828
• Sending us an email at privacy@fullscript.com;
• Chatting with us once logged in to your account.

Verification. In order to protect your personal information and prevent against fraud, some of the requests must be verified. We may contact you by phone or email to complete the verification process. This process may require matching the information provided in your request with the information we have on file about you, and depending on the sensitivity of information requested utilizing more stringent verification methods, including but not limited to requesting additional information from you and/or requiring you to sign a declaration under penalty of perjury. In certain circumstances, we may decline a request to exercise a privacy right, particularly where we are unable to verify your identity.

We cannot respond to your request or provide you with personal information if we cannot verify your identity and confirm the personal information relates to you. Making a request does not require you to create an account with us. We will only use the personal information provided in a request to verify the requestor’s identity. 

Authorized Agent. You may designate an authorized agent to submit a request on your behalf. To do so, you must (1) verify your own identity directly with us; and (2) provide the authorized agent with written documentation of their authority to act on your behalf, such as: (a) a power of attorney; or (b) sufficient evidence to show that you have provided the authorized agent signed permission to act on your behalf and directly confirmed with us that you provided the authorized agent permission to submit the request on your behalf. We may deny a request from an authorized agent that does not submit proof that they have been authorized by you to act on your behalf.

Response Timing and Format. Once you have submitted a request, we will respond within the time frame permitted by the applicable law.

If you have an account with us, we will deliver our response to your contact address on that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. 

We do not charge a fee to process or respond to your request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

Appeals. You may appeal our decision to your request regarding your personal information. To do so, please contact us by emailing privacy@fullscript.com. We respond to all appeal requests as soon as we reasonably can, and no later than legally required.

Your California Privacy Rights

California’s “Shine the Light” law (Civil Code Section § 1798.83) permits users of our website that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. California residents under 18 years old, in certain circumstances, may also request and obtain removal of personal information or content that you have posted on our Platform. Please be mindful that this would not ensure complete removal of the content posted by you on our Platform. To make such any request under this section, please send an email to privacy@fullscript.com or write us at Fullscript Privacy, 360 Albert Street, Suite 200, Ottawa, ON, Canada, K1R 7X7.

Nevada Privacy Rights

Nevada consumers have the right to instruct us not to “sell” “covered information” as those terms are defined by Chapter 603A of the Nevada Revised Statutes. We do not currently “sell” “covered information” of Nevada “consumers,” and we have no plans to do so. In the event we choose to sell covered information in the future, we will update this Privacy Policy to provide an opportunity for Nevada consumers to be verified and exercise their opt-out rights under that law.

Changes to Our Privacy Notice

We reserve the right to amend this Privacy Notice from time to time. If we amend this Privacy Notice, we will post the updated Privacy Notice on the website and update the Privacy Notice’s effective date. By continuing to use our Services after such revisions are in effect, you are acknowledging that you have read and understand the revisions.

Contact Information

If you have any questions or comments about this notice, the ways in which Fullscript collects and uses your information described here and in our Privacy Statement, your choices and rights regarding such use, or wish to exercise your rights, please do not hesitate to contact us at:

Phone: 1-866-807-3828

Email: privacy@fullscript.com

Personnel and Job Applicant Notice

This Personnel and Job Applicant Notice (“Job Applicant Notice”) supplements the information contained above in the US State Privacy Notice and applies to the personal information of job applicants, contactors, and service providers, that are California residents, in relation to Fullscript and its affiliates. As a summary, Fullscript uses your personal information in connection with the hiring/job application process, vetting and communicating with service providers and vendors, financial accounting, and carrying out its business relationships with its service providers and vendors. 

We collect personal information in several ways, including when you provide it directly to us, when your company or organization provides it to us, or when our service providers or business partners provide it to us.

We collect the following categories of personal information:

• Identifiers: name, email address, mailing address, IP address, phone number, social security number, online identifiers.
• Protected classification information: age, disability information, veteran or military status, race, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions or events), national origin, citizenship and sexual orientation.
• Internet/electronic activity: website interactions during application process and use of internal networks.
• Professional/employment related information: resumes/CVs, references, and background checks.
• Inferences: inferences drawn or created from personal information listed above, including job application vetting.

We may use these categories of personal information for the following business purposes:

• Job application processing and communication;
• Onboarding;
• Human resource administration, such as benefits, payroll and other employment-related purposes;
• Compliance with federal and state equal employment opportunity laws;
• Maintaining and administering vendor and contractor relationships, contracts, and payments;
• Preventing unauthorized access to or use of Fullscript facilities and property, including information systems, electronic devices, network, and data; and
• Improving efficiency, logistics, and supply chain management.

In addition to the business purposes set forth above, we may use these categories of personal information:

• To fulfill or meet the reason you provided the personal information;
• To comply with our health and safety obligations;
• To establish, exercise, or defend legal claims;
• To comply with applicable law, court orders, subpoenas, or governmental regulations;
• To respond to requests by public authorities, including for the purpose of meeting national security or law enforcement requirements;
• In the event of a merger, acquisition, disposition of all or substantially all of the relevant assets of the business, bankruptcy, or similar event (including due diligence related thereto); 
• As described to you when collecting your personal information; and
• As otherwise authorized or required by applicable law.

We do not use or disclose such sensitive personal information for purposes other than those specified in Section 7027(m) of the CCPA regulations.

We retain personal information for as long as necessary for the purpose for which it was initially collected, including the purposes identified above. However, we retain job application information for unsuccessful applicants beyond consideration of the immediate position for which the application is submitted as a reference in case future positions become available and are of interest. Application information for successful applicants becomes part of the applicant’s employment file and is treated accordingly.

We share the categories of personal information identified above with our service providers and affiliates. The business purpose for such disclosures are the purposes listed above.

Please see the Your Rights and Choices section above for an explanation of your rights and how to exercise them. In regards to employment-related personal information, we do not “sell” such information as defined under California privacy law and we do not share such information with third parties for cross-context behavioral advertising. If you have any questions, please contact legal@fullscript.com.