This is the privacy notice required by the California Consumer Privacy Act of 2018, also known as the CCPA. This CCPA Privacy Notice supplements our Privacy Notice, and applies only to California residents, which the CCPA also calls “consumers.” In the event of a conflict as to California residents this Notice prevails.
The CCPA is a California state law effective January 1, 2020 that is intended to give California residents additional transparency about, and rights regarding, businesses’ collection, use and sharing of their personal information.
Limits on the CCPA’s Applicability to Nexsun Diagnostic Laboratories
As a healthcare organization in clinical laboratory testing, much of Nexsun Labs’ business is regulated by a federal law called The Health Insurance Portability and Accountability Act, commonly referred to as HIPAA. HIPAA has strict rules that govern the use and disclosure of personal information related to healthcare, which HIPAA calls Protected Health Information or PHI.
The CCPA does not apply to PHI used or disclosed by Nexsun Labs, or to personal information that Nexsun Labs already handles in the same way it handles PHI. For example, our laboratory testing (the tests we perform that are ordered by your doctor) and our employee wellness testing operations are protected in accordance with HIPAA. This means that the personal information or PHI that we use and disclose in connection with these operations falls outside the scope of the CCPA. Likewise, the CCPA does not apply to de-identified information derived from PHI, if it is de-identified in accordance with HIPAA standards. Nexsun Labs discloses information derived from PHI that has been de-identified in accordance with either the Safe Harbor or the Expert Determination methods of de-identification recognized under HIPAA, and this de-identified information falls outside the scope of the CCPA.
If you are a California resident seeking information about your PHI, please refer to our HIPAA Notice of Privacy Practices. Our HIPAA Notice of Privacy Practices describes how we use and disclose your PHI, our legal duties with respect to your PHI and your rights with respect to your PHI and how you may exercise them. You may access our HIPAA Notice of Privacy Practices from the Privacy section of our website at nexsunlabs.com.
Personal Information We Collect
When we are not handling PHI subject to HIPAA, Nexsun Labs may be a business under the CCPA, and has taken measures to uphold CCPA requirements and fulfill the rights of California residents covered under the CCPA, as further described in this Notice.
In the 12 months preceding the effective date of this Notice, we may have collected the following categories of personal information from California residents, falling within the scope of the CCPA:
|Identifiers||Name, address, telephone number, internet protocol address, email address, or other similar identifiers|
|Internet or other similar network activity||Browsing history, information regarding a consumer’s interaction with our website, form submissions, email unsubscribes and subscribes, email engagement, information from cookies or other technologies used on our website, see our Cookie Notice|
We may have collected the categories of personal information listed above from the following categories of sources:
- From individuals who voluntarily provided it, for example by filing out a webform, receiving help through our customer support channels, participation in customer surveys, or in response to your inquiries
- From subsidiaries and affiliated companies
Please note that the following types of information are not personal information subject to the CCPA:
- Publicly available information from government records
- De-identified or aggregated consumer information
- Information excluded from the CCPA’s scope, including but not limited to PHI covered by HIPAA, information derived from PHI that is de-identified in accordance with HIPAA, and personal information we handle in our capacity of a service provider to a business
Our Use of Personal Information
In the 12 months preceding the effective date of this Notice, we may have used personal information of California residents, falling within the scope of the CCPA, for the following purposes:
- as reasonably necessary and proportionate to fulfill the purposes for which the information was provided
- to provide information, products or services
- to audit and measure user interaction with our websites, so we can improve the relevancy or effectiveness of our content and messaging
- to develop and carry out marketing, advertising and analytics
- to provide texts or emails containing information about our products or services, or events or news, that may be of interest to recipients, as permitted by law
- to deliver content and products or services relevant to your interests, including targeted ads on third party sites
- to detect security incidents or monitor for fraudulent or illegal activity debugging to identify and repair errors
- to comply with laws, regulations or other legal process
Our Sharing of Personal Information
In the 12 months preceding the effective date of this Notice, we may have shared the personal information of California residents, falling within the scope of the CCPA, with the following categories of recipients for some or all of the use purposes described above:
- subsidiaries and affiliated companies
- service providers, which are prohibited from selling the personal information or retaining, using or disclosing it for any purpose except performing the business purpose they were retained to provide, such as providers that store, host or transmit information or provide analytics regarding our website usage or functionality
- recipients of information from the placement of third-party cookies or other technologies on our websites, as set forth in our Cookie Notice.
Personal information may also be disclosed as required by law, to protect our rights, protect your safety or that safety of others, investigate fraud or respond to government inquiries.
If you are a California resident, you have certain rights regarding your personal information that is covered under the CCPA. Please review each of the rights, below, and the section that follows for more information applicable to these rights.
Right to Know
You have the right to request that we provide you with access to the following information about our collection and use of personal information over the past 12 months:
- the categories of your personal information we have collected
- the specific pieces of personal information we have collected
- the categories of sources of such information
- the categories of third parties with whom we share personal information and/or
- the business or commercial purpose for our collection or sharing of personal information
A written Request to Know may be submitted to us using the contact information provided below.
Right to Delete
You have the right to request that we delete your personal information, subject to certain exceptions. Specifically, Nexsun Labs is not obligated to delete the information if we must retain it for one of the following purposes:
- complete a transaction for which we collected the personal information
- fulfill the terms of a written warranty or product recall conducted in accordance with federal law
- provide a good or service that you requested or take actions reasonably anticipated within the context of our ongoing business relationship
- otherwise perform a contract with you
- detect security incidents
- protect against malicious, deceptive, fraudulent, or illegal activity or prosecute those responsible for that activity
- debug to identify and repair errors that impair existing intended functionality
- exercise free speech, ensure the right of another consumer to exercise their right of free speech, or exercise another right provided for by law
- comply with the California Electronic Communications Privacy Act (Cal. Penal Code 1546 et seq.)
- engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when deletion of the information is likely to render impossible or seriously impair the research, if you have provided informed consent
- enable solely internal uses of the personal information that are reasonably aligned with your expectations based on your relationship with us
- comply with a legal obligation
- otherwise use your personal information, internally, in a lawful manner that is compatible with the context in which you provided the information
A written Request to Delete may be submitted to us using the contact information provided below.
DO NOT SELL Rights
Our Cookie Notice describes how you can control cookies and other tracking technologies on our website. You must take the actions described in our Cookie Notice to exercise this control, as we are not able to do it for you.
A written DO NOT SELL Request Form may be submitted to us using the contact information below for California residents. Upon receiving the request, we will record their California opt-out preference for the sharing of their personal information with third parties in the future, in the unlikely event we would ever decide to do so.
Please note, recording your California opt-out preference will NOT change the way cookies work on our website; you must take the action described in our Cookie Notice to do that. Recording your California opt-out preferences will also NOT unsubscribe you from text messages or email communications from Nexsun Labs. All consumers and California residents can do that as directed in any text you receive from us, or by clicking the unsubscribe link in commercial email communications you receive from us.
Recording your California opt-out preferences will NOT impact how we use or disclose your PHI. As we have stated earlier in this CCPA Privacy Notice, our use and disclosure of your PHI is governed by a federal law called HIPAA and various other state laws. HIPAA already prohibits the sale of your PHI without your express authorization. Our HIPAA Notice of Privacy Practices describes how we use and disclose your PHI, our legal duties with respect to your PHI, and your rights with respect to your PHI and how you may exercise them. You may access our HIPAA Notice of Privacy Practices from the Privacy section of our website or by emailing us at [email protected].
Right of Non-Discrimination
You have the right to not be discriminated against for exercising any of your rights under the CCPA. Unless permitted by the CCPA, businesses cannot:
- deny you goods or services
- charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties
- provide you a different level or quality of goods or services
- suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services
More Information About Your CCPA Rights
You may submit a Request to Know, a Request to Delete or express your opt-out preferences for yourself, or authorize an agent to make the request on your behalf. You may also make a request on behalf of your minor child. We may ask that you submit proof of your identity, and that you and/or your authorized agent demonstrate that you authorized them to submit the request on your behalf.
We may not be able to honor your request if we are unable verify your identity or your agent’s authority to act on your behalf. Likewise, we will not be able to honor your request if we cannot associate the information you or your agent submits to us with covered personal information in our possession. Therefore, please take care to accurately submit your request, and provide any additional information we may seek to assist us in evaluating and responding to it. We may not be able to honor your request if the personal information we maintain about you is not subject to the CCPA’s access, deletion, or opt-out requirements.
We will acknowledge a Request to Know and a Request to Delete within 10 days of receipt, and will make efforts to respond within 45 days. If we are unable to fulfill the request within 45 days, we will inform you or your authorized agent within that period, and may take up to an additional 45 days to fulfill the request. Please note that the data may not be completely or comprehensively removed from all our systems (e.g. backups, etc.). If you exercise an opt-out preference, we will acknowledge receipt and take any required action on it within 15 days from the date we receive it.
We will not require you to create an account with us to exercise your rights, and we will only use personal information provided with a request to verify your identity or your agent’s authority to act on your behalf.
Any disclosures we make in connection with a verified Request to Know will only cover the 12-month period preceding the request, and we may require additional information to verify your identity or your agent’s authority. If we cannot comply with a request, we will tell you why. We are not obligated to provide information in response to more than two Requests to Know in any 12-month period.
California residents with questions, comments or concerns about the CCPA or their CCPA rights may contact us:
Updates to this Notice
Nexsun Labs will review its CCPA Privacy Notice on at least an annual basis, and may also change this Notice at any time. If we make changes, we will revise the “Last Updated” date at the bottom of this Notice. We encourage you to review this Notice periodically to be sure you are aware of those changes. Changes will become effective as of the “Last Updated” date.
Last Updated: January 01, 2022