privacy policy

privacy policy

This Privacy Policy for Hume Health LLC (trading as Hume) ("Hume", "we", "us" or "our") describes how and why we collect, store, use and/or disclose ("process") your information when you use our services ("Services"), for example when you:

Visit our website https://de.humehealth.com/ or any other website of ours that refers to this privacy policy

Downloading and using our mobile application (Hume Health) or any of our other applications that link to this Privacy Policy

contact us in other ways, including sales, marketing or events

Do you have questions or concerns? Reading this Privacy Policy will help you understand your privacy rights and choices. If you do not agree with our policies and practices, please do not use our services. If you still have questions or concerns, please contact us at support@myhumehealth.com.

SUMMARY OF THE KEY POINTS

This summary provides the key points of our privacy notice. However, you can find out more detail about each of these topics by clicking on the link after each key point or using our table of contents below to find the section you are interested in. You can also click here to go directly to our table of contents.

What personal data do we process? When you visit, use, or navigate through our Services, we may process personal data depending on how you interact with Hume Health and the Services, the choices you make, and the products and features you use. Click here to learn more.

Do we process sensitive personal data? We may process sensitive personal data where necessary with your consent or where otherwise permitted by applicable law. Click here to learn more.

Do we receive any information from third parties? We may receive information from public databases, marketing partners, social media platforms and other external sources. Click here to learn more about this.

How do we process your information? We process your data to provide, improve and manage our services, to communicate with you, for security and fraud prevention, and to comply with legal requirements. With your consent, we may also process your data for other purposes. We only process your data when we have a valid legal reason to do so. Click here to learn more.

In what situations and with which parties do we share personal information? We may share information in certain situations and with certain categories of third parties. Click here to learn more.

How do we protect your information? We have put in place organizational and technical processes and procedures to protect your personal information. However, no electronic transmissions over the Internet or information storage technologies can be guaranteed to be 100% secure. Therefore, we cannot promise or guarantee that hackers, cyber criminals, or other unauthorized third parties will not be able to defeat our security and unlawfully collect, access, steal, or modify your information. Click here to learn more.

What rights do you have? Depending on where you are geographically located, applicable data protection laws may mean that you have certain rights in relation to your personal data. Click here to find out more.

How can you exercise your rights? The easiest way to exercise your rights is to complete our data protection request form, which you can find here, or by contacting us. We will consider and act on any request in accordance with applicable data protection laws.

Would you like to know more about what Hume Health does with the data we collect? Click here to read the full notice.

TABLE OF CONTENTS

1. WHAT INFORMATION DO WE COLLECT?
2. HOW DO WE PROCESS YOUR INFORMATION?
3. WHAT LEGAL BASIS DO WE RELY ON TO PROCESS YOUR PERSONAL DATA?
4. WHEN AND TO WHOM DO WE SHARE YOUR PERSONAL INFORMATION?
5. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?
6. HOW DO WE HANDLE YOUR SOCIAL LOGINS?
7. WILL YOUR DATA BE TRANSFERRED INTERNATIONALLY?
8. HOW LONG DO WE KEEP YOUR DATA?
9. HOW IS YOUR DATA KEEPED SECURE?
10. DO WE COLLECT INFORMATION FROM MINORS?
11. WHAT RIGHTS DO YOU HAVE WITH RESPECT TO DATA PROTECTION?
12. DO-NOT-TRACK CONTROLS
13. DO CALIFORNIA RESIDENTS HAVE SPECIAL PRIVACY RIGHTS?
14. DO VIRGINIA RESIDENTS HAVE SPECIAL PRIVACY RIGHTS?
15. DO WE MAKE UPDATES TO THIS NOTICE?
16. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?
17. HOW CAN YOU REVIEW, UPDATE OR DELETE THE INFORMATION WE COLLECT?

1. WHAT INFORMATION DO WE COLLECT?

Personal information you provide to us

In Short : We collect personal information that you provide to us.

We collect personal information that you voluntarily provide to us when you register for the Services, express interest in information about us or our products and services, participate in activities on the Services, or otherwise contact us.

Personal Information You Provide . The personal information we collect depends on the context of your interactions with us and the Services, the choices you make, and the products and features you use. The personal information we collect may include:

names

phone numbers

email addresses

postal addresses

username

passwords

contact preferences

contact or authentication data

billing addresses

debit/credit card numbers

Size

Weight

Old

activity level

body composition data

Sensitive information. Where necessary, with your consent or as otherwise permitted by applicable law, we process the following categories of sensitive data:

health data

biometric data

Payment data . We may collect data necessary to process your payment when you make purchases, such as your payment instrument number and the security code associated with your payment instrument. All payment data will be stored by __________. The link to the privacy policy can be found here: __________.

Social media login details. We may offer you the opportunity to register with us using your existing social media account details, such as your Facebook, Twitter or other social media account. If you choose to register in this way, we will collect the data set out in the "HOW DO WE PROCESS YOUR SOCIAL LOGINS?" section below.

Application Data . When you use our Application(s), we may also collect the following information if you grant us access or permission to do so:

Geolocation Data . We may request access or permission to track location-based information from your mobile device, either continuously or while you are using our mobile application(s), to provide certain location-based services. If you would like to change our access or permissions, you can do so in your device settings.

Mobile Device Access . We may request access or permission for certain features of your mobile device, including Bluetooth, sensors, reminders, camera, and other features of your mobile device. If you would like to change our access or permissions, you can do so in your device settings.

Mobile Device Data. We automatically collect device information (such as your mobile device ID, model, and manufacturer), operating system, version information, and system configuration information, device and application identification numbers, browser type and version, hardware model, Internet service provider and/or mobile carrier, and Internet Protocol (IP) address (or proxy server). When you use our Application(s), we may also collect information about the telephone network connected to your mobile device, your mobile device operating system or platform, the type of mobile device you use, your mobile device's unique device ID, and information about the features of our Application(s) you access.

Push notifications. We may ask you to send push notifications about your account or certain features of the Application(s). If you do not wish to receive these types of communications, you can disable them in your device settings.

This information is primarily needed to maintain the security and operation of our application(s), to troubleshoot errors, and for our internal analytics and reporting.

All personal information you provide to us must be truthful, complete and accurate, and you must inform us of any changes to that personal information.

Automatically collected information

In Short: Some information – such as your Internet Protocol (IP) address and/or browser and device characteristics – is automatically collected when you visit our Services.

We automatically collect certain information when you visit, use, or navigate through the Services. This information does not identify you (such as your name or contact information), but may include device and usage data, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Services, and other technical information. This information is primarily needed to maintain the security and operation of our Services, as well as for our internal analytics and reporting purposes.

Like many companies, we collect information through cookies and similar technologies.

The information we collect includes:

• Log and Usage Data . Log and Usage Data is service-related, diagnostic, usage and performance information that our servers automatically collect when you access or use our Services and that we record in log files. Depending on how you interact with us, this Log Data may include your IP address, device information, browser type and settings, information about your activities on the Services (such as date/time stamps associated with your usage, pages and files viewed, searches and other actions such as the features you use), device event information (such as system activity, error reports (sometimes called "crash dumps"), and hardware settings).
• Device Data. We collect Device Data, such as information about your computer, phone, tablet, or other device you use to access the Services. Depending on the device you use, this Device Data may include information such as your IP address (or proxy server), device and application identification numbers, location, browser type, hardware model, Internet service provider and/or mobile carrier, operating system, and system configuration information.
• Location Data. We collect location data, such as information about the location of your device, which may be either accurate or inaccurate. The amount of information we collect depends on the type and settings of the device you use to access the Services. For example, we may use GPS and other technologies to collect geolocation data that tells us your current location (based on your IP address). You may opt out of the collection of this data by either denying access to this data or disabling the location setting on your device. However, if you choose not to do so, you may not be able to use certain aspects of the Services.

The information we collect includes:

Log and Usage Data. Log and Usage Data is service-related, diagnostic, usage and performance information that our servers automatically collect when you access or use our Services and that we record in log files. Depending on how you interact with us, this Log Data may include your IP address, device information, browser type and settings, information about your activities on the Services (such as date/time stamps associated with your usage, pages and files viewed, searches and other actions such as the features you use), information about device events (such as system activity, error reports (sometimes called "crash dumps"), and hardware settings).

Device Data. We collect Device Data, such as information about your computer, phone, tablet, or other device you use to access the Services. Depending on the device you use, this Device Data may include information such as your IP address (or proxy server), device and application identification numbers, location, browser type, hardware model, Internet service provider and/or mobile carrier, operating system, and system configuration information.

Location Data. We collect location data, such as information about the location of your device, which may be either accurate or inaccurate. The amount of information we collect depends on the type and settings of the device you use to access the Services. For example, we may use GPS and other technologies to collect geolocation data that tells us your current location (based on your IP address). You may opt out of the collection of this data by either denying access to this data or disabling the location setting on your device. However, if you choose not to do so, you may not be able to use certain aspects of the Services.

Information collected from other sources

In Short: We may collect limited data from public databases, marketing partners, social media platforms and other external sources.

To enhance our ability to provide you with relevant marketing, offers and services and to update our records, we may receive information about you from other sources, such as public databases, joint marketing partners, affiliate programs, data providers, social media platforms and other third parties. This information includes postal addresses, job titles, email addresses, phone numbers, intent data (or user behavior data), Internet Protocol (IP) addresses, social media profiles, social media URLs and custom profiles for the purposes of targeted advertising and event promotion. If you interact with us on a social media platform through your social media account (e.g. Facebook or Twitter), we will receive personal information about you such as your name, email address and gender. Any personal information we collect from your social media account will depend on the privacy settings of your social media account.

2. HOW DO WE PROCESS YOUR INFORMATION?

In Short: We process your information to provide, improve, and manage our services, to communicate with you, for security and fraud prevention, and to comply with laws. With your consent, we may also process your information for other purposes.

Depending on how you interact with our Services, we process your personal data for a variety of reasons, including:

To facilitate account creation and authentication and to otherwise manage user accounts. We may process your data to enable you to create and log in to your account and to maintain your account in a working state.

To provide and facilitate the provision of services to the User. We may process your data to provide you with the requested service.

To respond to user requests/provide user support . We may process your data to respond to your requests and resolve any potential issues you may have with the requested service.

To send you administrative information. We may process your data to send you information about our products and services, changes to our terms and policies and similar information.

To fulfill and manage your orders. We may process your data to fulfill and manage your orders, payments, returns, and exchanges made through the Services.

To request feedback . We may process your data where necessary to ask for your feedback and to contact you about your use of our services.

To send you marketing and promotional communications. We may process the personal data you provide to us for our marketing purposes where this is in line with your marketing preferences. You can unsubscribe from our marketing emails at any time. For more information, see "WHAT ARE YOUR PRIVACY RIGHTS?" below).

To provide you with targeted advertising. We may process your data to develop and display personalized content and advertising tailored to your interests, location and more.

To protect our Services. We may process your information as part of our efforts to keep our Services secure, including fraud monitoring and prevention.

To identify usage behavior

3. WHAT LEGAL BASIS DO WE RELY ON TO PROCESS YOUR DATA?

In Short: We only process your personal data when we believe it is necessary and we have a valid legal reason (i.e. legal basis) to do so under applicable law, for example with your consent, to comply with laws, to provide services to you, to enter into or fulfill our contractual obligations, to protect your rights, or to meet our legitimate business interests.

If you are located in the EU or the UK, this section applies to you.

The General Data Protection Regulation (GDPR) and the UK GDPR require us to explain the valid lawful bases we rely on to process your personal data. For example, we may rely on the following lawful bases to process your personal data:

Consent. We may process your data if you have given us permission (i.e. your consent) to use your personal information for a specific purpose. You can withdraw your consent at any time. Click here to find out more.

Performance of a contract. We may process your personal data where we believe it is necessary to perform our contractual obligations to you, including providing our services, or at your request before entering into a contract with you.

Legitimate interests. We may process your information where we believe it is necessary to achieve our legitimate business interests and those interests do not override your interests and fundamental rights and freedoms. For example, we may process your personal information for some of the purposes described in order to:

Sending information about special offers and discounts for our products and services

Developing and displaying personalized and relevant advertising content for our users

to analyze how our services are used so that we can improve them, to engage and retain users

support of our marketing activities

diagnose problems and/or prevent fraudulent activities

Understand how our users use our products and services so that we can improve the user experience

Legal obligations. We may process your information where we believe it is necessary to comply with our legal obligations, for example to cooperate with a law enforcement or regulatory authority, to exercise or defend our legal rights, or to disclose your information as evidence in litigation in which we are involved.

Vital interests. We may process your data where we believe it is necessary to protect your vital interests or the vital interests of a third party, for example in situations where an individual's safety is at risk.

If you are in Canada, this section applies to you.

We may process your data where you have given us explicit permission to use your personal information for a specific purpose (ie. explicit consent), or in situations where your consent can be inferred (ie. implied consent). You can withdraw your consent at any time. Click here to find out more.

In some exceptional cases, we may be legally permitted under applicable law to process your data without your consent, for example:

If the collection is clearly in the interest of a person and consent cannot be obtained in time

For investigations and to detect and prevent fraud

For commercial transactions, provided certain conditions are met

if they are contained in a witness statement and the collection is necessary for the assessment, processing or settlement of an insurance claim

To identify injured, sick or deceased persons and to communicate with their next of kin

If we have reasonable grounds to believe that a person has been, is or may be a victim of financial abuse

Where it is reasonably expected that the collection and use with consent would affect the availability or accuracy of the information, and the collection is appropriate for purposes related to the investigation of a breach of contract or a violation of the laws of Canada or a province

if disclosure is necessary to comply with a subpoena, search warrant, court order, or court rules regarding the production of records

if they were created by an individual in the course of his or her employment, business or profession and the collection is consistent with the purposes for which the information was created

if the collection is carried out exclusively for journalistic, artistic or literary purposes

if the information is publicly available and specified in the regulations

4. WHEN AND TO WHOM DO WE SHARE YOUR PERSONAL INFORMATION?

In Short: We may share information in certain situations described in this section and/or with the following categories of third parties.

Vendors, consultants and other third party service providers. We may share your information with third party vendors, service providers, contractors or agents ("third parties") who perform services for us or on our behalf and require access to that information to do that work. We have contracts in place with our third parties designed to protect your personal information. This means that they cannot do anything with your personal information unless we instruct them to do so. They also will not share your personal information with any organisation other than us. They also agree to protect the data they hold on our behalf and to retain it for the period of time we specify. The categories of third parties with whom we may share personal information are as follows:

• data analysis services
• financial and accounting tools
• providers of order processing services
• payment processors
• performance monitoring tools
• user account registration and authentication services
• advertising networks
• test tools
• sales and marketing tools
• retargeting platforms
• tools for product development and design
• cloud computing services
• tools for communication and collaboration
• website hosting service providers
• affiliate marketing programs
• data storage service providers

We may also need to share your personal information in the following situations:

Business Transfers. We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.

Affiliates. We may share your information with our subsidiaries, in which case we will require those subsidiaries to honor this Privacy Policy. Affiliates include our parent company and any subsidiaries, joint venture partners, or other companies that we control or that are under common control with us.

Offer Wall. Our Application(s) may display an "Offer Wall" hosted by a third party. Such an Offer Wall allows third parties to offer users virtual currency, gifts or other items in exchange for accepting and completing a promotional offer. Such an Offer Wall may appear in our Application(s) and may be displayed to you based on certain data, such as your geographic region or demographic information. When you click on an Offer Wall, you will be redirected to an external website owned by other people and you will leave our Application(s). A unique identifier, such as your user ID, will be shared with the provider of the Offer Wall to prevent fraud and to credit your account with the appropriate reward.

5. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?

We may use cookies and similar tracking technologies (such as web beacons and pixels) to access or store information. For specific information about how we use such technologies and how you can refuse certain cookies, please see our Cookie Notice.

In Short: We may use cookies and other tracking technologies to collect and store your information

6. HOW DO WE HANDLE YOUR SOCIAL LOGINS?

In Short: If you register or log in to our services using a social media account, we may have access to certain information about you.

Our Services offer you the opportunity to register and log in using your third-party social media account details (for example, your Facebook or Twitter logins). When you do so, we will receive certain profile information about you from your social media provider. The profile information we receive may vary depending on the social media provider, but will often include your name, email address, friends list and profile picture, as well as other information you choose to make public on such social media platform.

We will only use the information we receive for the purposes described in this privacy policy or as otherwise disclosed to you on the applicable services. Please note that we have no control over, and are not responsible for, the third-party social media provider's use of your personal information. We encourage you to read their privacy notices to understand how they collect, use, and share your personal information, and how you can set your privacy preferences on their websites and apps.

7. WILL YOUR DATA BE TRANSFERRED INTERNATIONALLY?

In Short: We may transfer, store and process your information in countries other than your home country.

Our servers are located in the United States. If you access our Services from outside the United States, please be aware that your information may be transferred to, stored, and processed at our facilities and by third parties with whom we share your personal information (see "WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?" above) in the United States and other countries.

If you are located in the European Economic Area (EEA) or the United Kingdom (UK), these countries may not have data protection laws as comprehensive or similar to those in your country. However, we will take all necessary steps to protect your personal data in accordance with this privacy policy and applicable law.

The European Commission’s standard contractual clauses:

We have put in place measures to protect your personal data, including by using the European Commission's standard contractual clauses for transfers of personal data between our group companies and between us and our third party service providers. These clauses require all recipients to protect any personal data they process from the EEA or the UK in accordance with European data protection laws and regulations. Our standard contractual clauses can be made available upon request. We have implemented similar appropriate safeguards with our third party service providers and partners; further details can be provided upon request.

8. HOW LONG DO WE KEEP YOUR DATA?

In Short: We will keep your information for as long as necessary to fulfill the purposes set out in this privacy policy, unless required by law.

We will only keep your personal information for as long as it is necessary for the purposes set out in this privacy notice, unless a longer retention period is required or permitted by law (for example, for tax, accounting or other legal reasons). None of the purposes set out in this notice will require us to keep your personal information for longer than two (2) months after the termination of the user account.

When we have no other legitimate business need to process your personal information, we will either delete or anonymize such information, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

9. HOW DO WE PROTECT YOUR DATA?

In short: We strive to protect your personal data through a system of organizational and technical security measures.

We have implemented appropriate and reasonable technical and organizational security measures to ensure the security of the personal information we process. However, despite our safeguards and efforts to protect your information, no electronic transmission over the Internet or information storage technology can be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals or other unauthorized third parties will not be able to overcome our security and unlawfully collect, access, steal or modify your information. Although we do our best to protect your personal information, transmission of personal information to and from our Services is at your own risk. You should only access the Services within a secure environment.

10. DO WE COLLECT INFORMATION FROM MINORS?

In short, we do not knowingly collect data from or market to children under 18.

We do not knowingly solicit data from or market to children under the age of 18. By using the Services, you represent that you are at least 18 years old, or that you are the parent or guardian of such a minor and consent to such minor's use of the Services. If we learn that Personal Information has been collected from users under the age of 18, we will deactivate the account and take reasonable measures to promptly delete such information from our records. If you learn of any information we have collected from children under the age of 18, please contact us at support@myhumehealth.com.

11. WHAT ARE YOUR DATA PROTECTION RIGHTS?

In Short: In some regions, such as the European Economic Area (EEA), the United Kingdom (UK), and Canada, you have rights that give you more access to and control over your personal information. You can review, change, or terminate your account at any time.

In some regions (such as the EEA, the United Kingdom and Canada), you have certain rights under applicable data protection laws. These include, without limitation, the right to (i) request access to and obtain a copy of your personal information, (ii) request rectification or erasure, (iii) restrict the processing of your personal information, and (iv) where applicable, request data portability. In certain circumstances, you also have the right to object to the processing of your personal information. You may make such a request by contacting us using the contact details provided in the "HOW CAN YOU CONTACT US ABOUT THIS NOTICE?" section below.

We will review and act on any request in accordance with applicable data protection laws.

If you are located in the EEA or the UK and you believe we are processing your personal data unlawfully, you also have the right to complain to your local data protection supervisory authority, whose contact details can be found here: https://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.

If you are in Switzerland, you can find the contact details of the data protection authorities here: https://www.edoeb.admin.ch/edoeb/en/home.html.

Withdrawal of your consent: Where we rely on your consent to process your personal data, which may be express and/or implied consent depending on applicable law, you have the right to withdraw your consent at any time. You may withdraw your consent at any time by contacting us using the contact details provided in the "HOW CAN YOU CONTACT US ABOUT THIS NOTICE?" section below.

Please note, however, that this will not affect the lawfulness of processing before the withdrawal nor, to the extent permitted by applicable law, processing of your personal data carried out in reliance on lawful processing grounds other than consent.

Opting out of marketing and promotional communications: You may unsubscribe from our marketing and promotional communications at any time by clicking the unsubscribe link in the emails we send, replying "STOP" or "UNSUBSCRIBE" to the SMS messages we send, or contacting us using the contact information provided in the "HOW TO CONTACT US ABOUT THIS NOTICE" section below. You will then be removed from marketing lists. However, we may still communicate with you, such as to send you service-related messages necessary to manage and use your account, to respond to service requests, or for other non-marketing purposes.

account information

If you would like to review or change the information in your account or cancel your account at any time, you may do so:

Log in to your account settings and update your user account.

Contact us using the contact information provided.

If you choose to terminate your account, we will deactivate or delete your account and information from our active databases. However, we may retain some information in our files to prevent fraud, troubleshoot problems, assist with any investigations, enforce our legal policies, and/or comply with applicable legal requirements.

Cookies and Similar Technologies: Most web browsers are set to accept cookies by default. If you prefer, you can usually set your browser to remove or reject cookies. If you choose to remove or reject cookies, it may affect certain features or services on our Services. To opt out of interest-based advertising by advertisers on our Services, visit http://www.aboutads.info/choices/.

If you have any questions or comments about your privacy rights, you can email us at support@myhumehealth.com.

12. CONTROLS FOR DO-NOT-TRACK FEATURES

Most web browsers and some mobile operating systems and applications include a "Do Not Track" feature or setting you can activate to signal your do not want to have data about your online browsing activities monitored and collected. At this time, no uniform technology standard has been established for the recognition and implementation of DNT signals. Therefore, we do not currently respond to DNT browser signals or other mechanisms that automatically communicate your do not want to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you of this practice in a revised version of this privacy notice.

13. DO CALIFORNIA RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?

In Short: Yes, if you are a California resident, you have certain rights regarding access to your personal information.

Pursuant to California Civil Code Section 1798.83, also known as the "Shine The Light" law, our users who are California residents may request and obtain from us, once a year and free of charge, information about the categories of personal information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year. If you are a California resident and wish to make such a request, please submit your request in writing to us using the contact information provided below.

If you are under 18 years of age, reside in California, and have a registered account with the Services, you have the right to request removal of unwanted data that you publicly post on the Services. To request removal of such data, please contact us using the contact information provided below, and include the email address associated with your account and a statement that you reside in California. We will ensure that the data is not publicly displayed on the Services, but please be aware that the data may not be completely or comprehensively removed from all of our systems (e.g., backups, etc.).

CCPA Privacy Notice

The California Code of Regulations defines a "resident" as:

(1) any person who is present in the State of California on a non-temporary or temporary basis, and

(2) any person who is a resident of the State of California and who is outside the State of California for a temporary or transitory purpose.

All other persons are defined as "non-residents".

If this definition of "resident" applies to you, we must comply with certain rights and obligations with respect to your personal information.

What categories of personal data do we collect?

In the past twelve (12) months, we have collected the following categories of personal information:

Category Examples Collected

A. Identifiers

Contact information, such as real name, alias, postal address, telephone or mobile number, unique personal identifier, online identifier, Internet Protocol address, email address and account name

YES

B. Personal Information Categories Identified in the California Customer Privacy Act

Name, contact information, education, employment, employment history and financial information

YES

C. Protected classification features under California or federal law

gender and date of birth

YES

D. Commercial Information

transaction information, purchase history, financial details and payment information

YES

E. Biometric Information

fingerprints and voiceprints

NO

F. Internet or other similar network activities

Browsing history, search history, online behavior, interest data and interactions with our and other websites, applications, systems and advertisements

YES

G. Geolocation data

location of the device

YES

H. Audio, electronic, visual, thermal, olfactory or similar information

Images and audio, video or conversation recordings created in connection with our business activities

NO

I. Professional or employment-related information

Business contact details to provide you with our services on a business level, or job title, employment history and professional qualifications when you apply for a job with us

NO

J. Information about training

student records and directory information

NO

K. Conclusions from other personal information

Inferences drawn from the personal data collected above to create a profile or summary, for example about a person’s preferences and characteristics

YES

L. Sensitive personal information Account credentials, debit or credit card numbers and health information

YES

We use and store the personal information collected for as long as necessary to provide the services or for the use:

Category A - As long as the user has an account with us

Category B - As long as the user has an account with us

Category C - As long as the user has an account with us

Category D - As long as the user has an account with us

Category F - 6 months

Category G - 6 months

Category K - 6 months

Category L - As long as the user has an account with us

Category L information may be used for additional, specified purposes or shared with a service provider or contractor. You have the right to restrict the use or disclosure of your sensitive personal information.

We may also collect other personal information outside of these categories when you interact with us in person, online, by telephone or by mail, such as:

Obtaining assistance through our customer support channels;

Participation in customer surveys or competitions; and

To facilitate the provision of our services and to respond to your inquiries.

How do we use and share your personal information?

Hume Health LLC collects and shares your personal information through:

Targeted cookies/marketing cookies

cookies for social media

beacons/pixels/tags

For more information about our data collection and sharing practices, please see this Privacy Notice.

You can contact us by email at or using the contact details at the end of this document.

If you appoint an agent to exercise your right to object, we may refuse a request if the agent does not demonstrate that they are authorized to act on your behalf.

Will your data be passed on to other people?

We may share your personal information with our service providers pursuant to a written contract between us and the applicable service provider. Each service provider is a for-profit company that processes the data on our behalf and complies with the same strict data protection obligations as required by the CCPA.

We may use your personal information for our own business purposes, such as internal research for technology development and demonstration. This will not be considered a "sale" of your personal information.

Hume Health LLC has not sold or transferred any personal information to third parties for business or commercial purposes in the preceding twelve (12) months. Hume Health LLC has transferred the following categories of personal information to third parties for business or commercial purposes in the preceding twelve (12) months:

Category A. Identifiers, such as contact details such as your real name, alias, postal address, telephone or mobile contact number, unique personal identifier, online identifier, Internet Protocol address, email address and account name.

Category B. Personal information as defined in the California Customer Privacy Act, such as your name, contact information, education, employment, employment history, and financial information.

Category D. Commercial information, such as transaction information, purchase history, financial details and payment information.

Category F. Information about Internet or other electronic network activity, such as browsing history, search history, online behavior, interest data, and interactions with our and other websites, applications, systems, and advertisements.

For the categories of third parties with whom we have disclosed personal information for business or commercial purposes, see "WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?"

Your rights regarding your personal data

Right to request deletion of data - Request for deletion

You can request that we delete your personal information. If you ask us to delete your personal information, we will comply with your request and delete your personal information, subject to certain exceptions provided by law, such as (but not limited to) the exercise of another consumer's right to free expression, our requirements due to a legal obligation, or processing necessary to protect against illegal activities.

Right to Information - Request for Information

Depending on the circumstances, you have the right to know:

whether we collect and use your personal information;

what categories of personal data we collect;

the purposes for which the personal data collected will be used;

whether we sell or transfer personal information to third parties;

the categories of personal information we sold, shared or disclosed for a business purpose;

the categories of third parties to whom the personal information was sold, transferred or disclosed for business purposes;

the business or commercial purpose for collecting, selling or disclosing personal information; and

the specific personal information we have collected about you.

Consistent with applicable law, we are not obligated to provide or delete consumer data that has been de-identified at a consumer's request or to re-identify individual data in order to verify a consumer request.

Right to non-discrimination in the exercise of a consumer's data protection rights

We will not discriminate against you if you exercise your data protection rights.

Right to restrict the use and disclosure of sensitive personal data

If the company collects any of the following information:

Social security data, driving licenses, identity cards, passport numbers

account credentials

Credit card numbers, information about financial accounts or access data to such accounts

exact geographical location

racial or ethnic origin, religious or philosophical beliefs, trade union membership

the content of emails and text messages, unless the company is the intended recipient of the communication

genetic data, biometric data and health data

data on sexual orientation and sex life

You have the right to instruct the Company to limit the use of your sensitive personal data to that which is necessary to provide the Services.

Once a company has received your request, it may no longer use or disclose your sensitive personal information for any other purpose unless you provide your consent to use or disclose sensitive personal information for any additional purpose.

Please note that sensitive personal data collected or processed without the purpose of drawing conclusions about a consumer's characteristics are not covered by this right, nor are publicly available information.

If you wish to exercise your right to restrict the use and sharing of sensitive personal information, please email support@myhumehealth.com or submit a request form by clicking here.

review process

Upon receipt of your request, we will need to verify your identity to determine if you are the same person about whom we have information in our system. To do this, we will need to ask you for information so that we can match it with information you have previously provided to us. For example, depending on the nature of the request you submit, we may ask you to provide certain information so that we can match the information you provide with information we already have on file, or we may contact you using a communication method (such as telephone or email) that you have already provided to us. We may also use other verification methods depending on the circumstances.

We will only use the personal information provided in your request to verify your identity or eligibility to make the request. Where possible, we will avoid requesting additional information from you for the purposes of verification. However, if we are unable to verify your identity using the information we already hold, we may ask you for additional information to verify your identity and to ensure security or prevent fraud. We will delete any such additional information provided once we have completed the verification of your identity.

Other data protection rights

You can object to the processing of your personal data.

You can request the rectification of your personal data if it is inaccurate or no longer relevant, or request the restriction of the processing of this data.

You may designate an agent to make a request on your behalf under the CCPA. We may deny a request from an agent who does not demonstrate that they are authorized to act on your behalf under the CCPA.

You may request that your personal information not be sold or shared with third parties in the future. Upon receipt of an opt-out request, we will respond to that request