CALIFORNIA RESIDENT PRIVACY NOTICE

Last Revised Date: May 10, 2024

This California Resident Privacy Notice (“California Policy”) provided by Thirty Madison, Inc., d/b/a Cove, Keeps, and Facet (collectively “Thirty Madison”), and its subsidiaries and affiliates (“Thirty Madison”, “Company” or “We”) supplements the information contained in the Thirty Madison Online Privacy Policy (“Privacy Policy” or “Policy”) and the State Privacy Law Addendum (“Addendum”) and applies solely to individual residents of the State of California (“consumers” or “you”). This California Policy describes how Thirty Madison collects, uses, and shares information about you through our websites, social media, email exchanges, mobile apps, and other online services on which the Policy is posted (“Service”).

If you are a California resident, the California Consumer Privacy Act, Cal. Civ. Code §§ 1798.100 et seq., as amended by the California Consumer Privacy Rights Act of 2020 and as may be further amended from time to time, and its implementing regulations (collectively “CCPA”), provide you with certain rights with respect to your Personal Information, as that term is defined under the CCPA.

This California Policy describes your CCPA rights with respect to your Personal Information and explains how to exercise those rights, subject to CCPA exceptions.

Your privacy rights under the CCPA do not apply to all information that we might collect, use or disclose. For example, the CCPA does not apply to PHI governed by HIPAA, “medical information” governed by the California Confidentiality of Medical Information Act (“CMIA”), or other patient information we maintain in the same manner as PHI or “medical information.” The CCPA also excludes other categories of information.

Any terms defined in the CCPA have the same meaning when used in this California Policy.

COLLECTION, USE AND DISCLOSURE OF PERSONAL INFORMATION IN PRECEDING TWELVE (12) MONTHS

In the last twelve (12) months, we may have collected, used and disclosed the following categories of Personal Information about you:

  • Identifiers (e.g., name, mailing address, email address, and telephone number, as well as unique identifiers such as your IP address, cookies or similar data)

  • Customer records information (e.g., name, address, telephone number, driver’s license number, insurance policy number, last 4 digits of credit or debit card number, medical information, or health insurance information)

  • Biometric data (such as a photograph of your ID card with a picture of your face)

  • Characteristics of protected classifications under California or Federal law (e.g., your gender or age)

  • Internet or other electronic network activity information (e.g., browsing history, activity, and service pages visited to help you get started, and information regarding your comments, reviews, suggestions, and other interactions with our Service)

  • Professional or employment-related information (e.g., your occupation)

  • Audio, electronic or similar information when you contact our customer care center by phone

  • Sensitive personal information (e.g. photographs of your driver’s license or other ID card or insurance card; general medical history and other information relevant to diagnosis and treatment; authentication information such as username and password used to register an account on this Site)

  • Inferences drawn from the information identified above (e.g. personal preferences, including product preferences, online preferences, and interests)

We collect this Personal Information directly from you when you provide it to us; automatically as you navigate through the Site, as defined in the Privacy Policy; or from third party sources to help us determine whether a Thirty Madison product or service is right for you and to send promotional emails and/or text messages to customers and prospective customers. For more information about the sources from which we collect your Personal Information, please see Section 2 of the Privacy Policy.

We collect and use your Personal Information for our own operational purposes to provide services to you; to audit interactions on the Site; to secure our Site and detect, protect, and investigate against security incidents; or to improve our Site (e.g., identify bugs, repair errors, and ensure that services function as intended). For more information about the purposes for which we use your Personal Information, please see Section 3 of the Privacy Policy.

This Personal Information may have been disclosed to the following categories of third parties:

  • Service providers who provide professional or technical support functions or analytics services for our Site
  • Professional service organizations
  • Social media and digital advertising companies who may receive information such as browsing history, activity, and service pages visited to help you get started, and information regarding your interactions with our Site

We also disclose your Personal Information to provide the services you request; operate and maintain the security of our services; collect payment and process transactions; improve our services; comply with applicable laws or to respond to valid legal requests; and fulfill valid requests from other healthcare providers, labs and pharmacies.

For more information about the purposes for which we disclose your Personal Information, please see Section 4 of the Privacy Policy.

WE DO NOT USE OR DISCLOSE SENSITIVE PERSONAL INFORMATION FOR PURPOSES OTHER THAN THOSE EXPRESSLY PERMITTED UNDER THE CCPA.

SALE OR SHARING OF PERSONAL INFORMATION IN PRECEDING TWELVE (12) MONTHS

In the last twelve (12) months, we may have sold or shared the following categories of Personal Information to third parties:

  • Identifiers, as described above
  • Characteristics of protected classifications under California or Federal law, as described above
  • Internet or other electronic network activity information, as described above

with the following categories of third parties:

  • social media companies
  • digital advertising companies
  • analytics companies

for purposes of internet-based advertising and to improve our services.

AS OF AUGUST 2023, WE DO NOT SELL OR SHARE PERSONAL INFORMATION WE HAVE COLLECTED ABOUT YOU UNLESS YOU OPT-IN (CONSENT) TO SUCH SALE OR SHARING. When you visit our Site, we provide you with a cookie banner based on your location (IP address). For users located in California, the selling or sharing of your personal information category is set on default opt-in. You can opt-in to the sale or sharing of your personal information by clicking Your Privacy Choices on the bottom of the Site homepage and changing your cookie settings under Storage Preferences by clicking the toggle next to Do Not Sell or Share My Personal Information (so the toggle turns grey). If you opt-in to the selling and sharing of your personal information, you can opt-out again by clicking Your Privacy Choices on the bottom of the Thirty Madison homepage and changing your cookie settings under Storage Preferences by clicking the toggle next to Do Not Sell or Share My Personal Information (so the toggle turns gray).

THE RIGHT TO KNOW / SPECIFIC INFORMATION

You have the right to know and request the following information relating to the Personal Information we may have collected and disclosed:

  • The categories of Personal Information we have collected about you;
  • The categories of sources of the Personal Information;
  • The purposes for collecting, selling, or sharing the Personal Information; and
  • If we sold, shared or disclosed your Personal Information for a business purpose, two separate lists disclosing: the categories of Personal Information that was disclosed for a business purpose and the categories of recipients of such information; and the categories of Personal Information that we sold to or shared with third parties and the categories of recipients of such information.

We are not required to provide you with this information more than twice in a twelve (12) month period.

THE RIGHT TO ACCESS

You have the right to access and obtain a copy of the specific pieces of Personal Information we have collected about you, upon verification of your identity.

THE RIGHT TO CORRECT

You have the right to request that we correct inaccurate Personal Information that we collected and maintain about you.

THE RIGHT TO REQUEST DELETION

You have the right to request that we delete the Personal Information that we collected from you, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your Personal Information from our records, unless an exception applies.

THE RIGHT NOT TO RECEIVE DISCRIMINATORY TREATMENT

You have the right not to receive discriminatory treatment for exercising any consumer rights described in this California Policy or the CCPA.

TO SUBMIT A REQUEST TO EXERCISE YOUR RIGHT TO KNOW, ACCESS, CORRECT AND DELETE

To exercise your rights to know, access, correct and delete, you or your agent may contact us at:

Cove: Phone (877) 456-2683; Email care@withcove.com

Keeps: Phone (833) 745-3377; Email help@keeps.com

Facet: Phone (855) 658-8855; Email help@facetcare.com

We may ask you to provide additional Personal Information, such as name, address, or e-mail, so that we can properly identify you in our dataset to track compliance with a request. We will only use Personal Information provided in a request to review and comply with the request. If you choose not to provide this information, we may only be able to process your request to the extent we are able to identify you in our data systems. In certain circumstances, we may decline a request to exercise the rights described above.

You may designate an authorized agent to exercise your rights on your behalf.

RESPONSE TIMING AND FORMAT

We will endeavor to respond to a verifiable consumer request within forty-five (45) days of receipt. If we are unable to process your request in such time, we will inform you of the delay in writing. If you have an account with us, we will deliver our written response to that account or via email. If you do not have an account with us, we will deliver our written response by mail or email. Information provided in response to a consumer request will be provided free of charge, up to twice.

We reserve the right to charge a fee to process or respond to your verifiable consumer request if we determine that such request is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

RIGHT TO APPEAL

If we are unable to comply with all or a portion of your request, we will explain the reasons we cannot comply. You may appeal our decision by resubmitting a request and we will inform you of any action taken or not taken in response to the request and explain the reasons for our decision within sixty (60) days of receiving the request.

RIGHT TO OPT-OUT OF SELLING OR SHARING PERSONAL INFORMATION

AS NOTED ABOVE, WE DO NOT SELL OR SHARE PERSONAL INFORMATION WE HAVE COLLECTED ABOUT YOU UNLESS YOU OPT-IN (CONSENT) TO SUCH SALE OR SHARING. If you opt-in to the selling and sharing of your personal information, you can opt-out again by clicking Cookie Preferences on the bottom of the Thirty Madison homepage and changing your cookie settings under Storage Preferences by clicking the toggle next to Do Not Sell or Share My Personal Information (so the toggle turns gray) and then click “Save” to save your preferences.

We also honor opt-out preference signals in a “frictionless” manner, which means, if you use an opt-out preference signal, we will not (i) charge you a fee or require any valuable consideration; (ii) change your experience with our Service; (iii) display a notification, pop-up, text, graphic, animation, sound, video, or any interstitial content in response to the opt-out preference signal.

Some browsers and browser extensions support the “Global Privacy Control” (GPC) that can send a signal to the websites you visit indicating your choice to opt-out from certain types of data processing, including data sales and/or targeted advertising. We have configured our cookie consent manager to honor GPC signals and will make reasonable efforts to respect your choices.

CHILDREN UNDER 18

As noted in Section 9 of our Privacy Policy, we do not target children under the age of 18, and we do not knowingly collect personal information from children under the age of 18. If we learn that we have collected personal information from someone under 18, we will promptly delete that information.