California Privacy Rights Act

Last updated: December 16, 2022

Leading Edge Health Inc., a Canada corporation (“LEH”), recognizes that Californians have specific privacy rights pursuant to the California Privacy Rights Act (“CPRA”) with respect to their personal information that a business collects about them as part of its effort to provide goods and services (“PI”). Please take a moment to review how LEH protects Californians’ rights under the CPRA.

These rights are afforded to individuals who live in California, even if he or she is temporarily out-of-state.  The rights are: the right to know and access the categories of PI that may have been collected, the purposes for which it was collected (and used, if applicable), the length of time it will be retained, the right to delete it, the right to correct it, the right to know whether any PI has been sold or shared, the right to opt out of the sales or sharing, the right to limit use and limit disclosure of sensitive PI, and the right to non-discrimination in the event that a consumer invokes any of these rights.

PI does not include information that is publicly available or lawfully made available to the general public from federal, state, or local government records.  It does not include information that is de-identified, nor aggregate consumer information. Also, PI does not include data collected for a single, one-time transaction, if, in the ordinary course of business, that PI is not retained, sold, or used to re-identify or otherwise link information that is not maintained in a manner that would be considered PI.

As per the CPRA, LEH may require authentication that is reasonable in light of the nature of the PI requested. For instance, LEH may verify the consumer’s identity to a reasonable degree of certainty, such as matching two data points provided by the consumer with data points maintained by the business that it has determined to be reliable for the purpose of verifying the consumer. A business can also request a signed declaration under penalty of perjury that the requestor is the consumer whose PI is the subject of the request.  When a consumer uses a third party to submit a request, a business may require that the consumer provide the third party with signed permission, and verify the consumer’s own identity directly with the business.  The goal is to ensure the protection of consumer privacy, because otherwise a person not entitled to know the PI could gain access to it.

Subject to verification that the person seeking information is actually the consumer in question or a third-party duly authorized to act on the consumer’s behalf, Californians’ rights under the CPRA are as follows.

Californians’ Right to Know and Access

If LEH sells or shares your PI, or discloses it for a business purpose, you have the right to know:

(1) The categories of PI that have been collected.

(2) The categories of sources.

(3) The business or commercial purpose for collecting, selling, or sharing your PI.

(4) The categories of third parties to whom LEH disclosed it (if applicable).

(5) The specific PI collected.

If LEH has not sold, shared, or otherwise disclosed your PI for a business purpose, then LEH will inform you of that.

The Right to Delete

A consumer can request deletion of any PI that LEH has collected about them.  LEH will delete it (subject to certain conditions set forth below), notify any service providers or contractors to delete the relevant PI from their records, and notify all third parties to whom LEH has sold or shared the personal information to delete the consumer’s personal information unless this proves impossible or involves (as per the CPRA) disproportionate effort.

The business may maintain a confidential record of deletion requests for purposes permissible under the CPRA.

As per the CPRA, LEH is not required to delete PI if retention is reasonably necessary to:

  1. Complete the transaction for which the personal information was collected, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, provide a good or service requested by the consumer, or reasonably anticipated by the consumer within the context of a business’ ongoing business relationship with the consumer, or otherwise perform a contract between the business and the consumer.  
  2. Help to ensure security and integrity to the extent the use of the consumer’s PI is reasonably necessary and proportionate for those purposes.
  3. Debug to identify and repair errors that impair existing intended functionality.
  4. Exercise free speech, ensure the right of another consumer to exercise that consumer’s right of free speech, or exercise another right provided for by law.
  5. Comply with the California Electronic Communications Privacy Act pursuant to Chapter 3.6 (commencing with Section 1546) of Title 12 of Part 2 of the Penal Code.
  6. Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the business’ deletion of the information is likely to render impossible or seriously impair the achievement of such research, if the consumer has provided informed consent.
  7. To enable solely internal uses that are reasonably aligned with the expectations of the consumer based on the consumer’s relationship with the business and compatible with the context in which the consumer provided the information.
  8. Comply with a legal obligation.

The Right to Correct

A consumer can ask LEH to correct inaccurate PI about the consumer. LEH must use commercially reasonable efforts to correct PI that the consumer identifies as inaccurate.

The Right to Know What Has Been Sold or Shared and to Whom

A consumer can ask and be told whether LEH has sold or shared PI to a third party, or otherwise disclosed for a business purpose.  Specifically, the consumer has the right to know:

  1. The categories of PI that LEH collected about the consumer.
  2. The categories of PI that LEH may have sold or shared.
  3. The categories of third parties to whom LEH may have sold or shared the PI, by category or categories of PI for each category of third parties to whom PI was sold or shared.
  4. The categories of PI that LEH may have disclosed about the consumer for a business purpose, and the categories of persons to whom it was disclosed for a business purpose.

If LEH has not sold, shared, or otherwise disclosed your PI for a business purpose, then LEH will inform you of that.

The Right to Opt Out of Sale or Sharing of PI

If LEH sells or shares PI, the consumer can direct LEH to stop. Specifically, the consumer can request:

  1. To know whether LEH sells or shares the consumer’s PI.
  2. To opt-out of the sale or sharing (if applicable).

The Right to Limit Use and Disclosure of Sensitive Personal Information

If LEH sells or shares sensitive PI (as the term “sensitive” is defined under the CPRA), the consumer can direct LEH to stop. Specifically, the consumer can request:

  1. To know whether LEH sells or shares your sensitive PI.
  2. To limit its use to that use which is necessary to perform the services or provide the goods reasonably expected by an average consumer who requests those goods or services.
    1. You can subsequently change your mind and provide consent.
    2. Sensitive PI that is collected or processed without the purpose of inferring characteristics about you is not subject to this section, and it will be considered regular PI.

The Right of No Retaliation for Opting Out or Exercising Other Rights

LEH will not discriminate against you for exercising any of your rights under the CPRA.  Examples of your right to be free of retaliation include:

(1)    Denying you goods or services.

(2)    Charging different prices, including through the use of discounts or other benefits, or imposing penalties.

(3)    Providing a different level or quality of goods or services.

(4)    Suggesting that you will receive a different price or a different quality of goods or services.

LEH may offer incentives (like loyalty programs, rewards, premium features, discounts, payments, or club card programs) as compensation for the collecting, selling, sharing, or retaining PI.  You can revoke your permission if you change your mind. If you do not opt into such a program once it is offered, LEH can again offer you an opt-in after 12 months.

Exercising Your Rights

If you wish to exercise the rights described above, you have two methods for contacting LEH.

  1. Phone: 1-866-621-6884
  2. Email: support@leadingedgehealth.com

In most circumstances under the CPRA, the disclosure of PI covers only the 12-month period preceding LEH’s receipt of the verifiable consumer request.  If you request disclosure of PI beyond the 12-month lookback period, LEH will provide it if it still holds it, and finding it does not require, as per the CPRA, a disproportionate effort.

Under the CPRA, businesses do not have to keep PI for any specific length of time.  Also, businesses do not have to disclose PI more than twice to the same consumer during a 12-month period.

If there is a conflict between your rights under the CPRA and your privacy rights under LEH’s general privacy policy called “Your Privacy Rights,” the relevant provision from the CPRA will govern.

We protect your privacy, and we use cookies to optimize your experience. Continued use of the website means you accept our Cookie Policy and Privacy Policy.