Wisp Privacy policy

Last Updated: May 24, 2023

1. Please Read Carefully

This Privacy Policy describes the information that governs your access to and use of the websites, mobile applications, and all other services (collectively, the “Services”) provided by wisp, Inc. and its affiliates including, but not limited to, Hemlock Medical, Inc., a California Professional Corporation, Hemlock Medical of Kansas, P.A., a Professional Association based in Kansas, and Hemlock Medical of New Jersey, PA, a Professional Association based in New Jersey, and Hemlock Medical of Texas, PA, a Professional Association based in Texas (collectively referred to as “Company”) collects about you though our website(s), mobile application, and any other services we provide (collectively, the “Services”), how we use and share that information, who will have access to the information we collect, and the security measures Company offers to protect your information. This policy applies to information we collect when you access or use our website(s) (“Site”) and mobile application (“App”) (the Site and App may hereinafter collectively be referred to as the “Platform”), when you use our Services or when you otherwise interact with us.

When you create, register or log into an account through the Platform, you are automatically accepting and agreeing to the most-recent version of this Privacy Policy, as well as the Site’s and the App’s Terms and Conditions.

Similarly, by visiting, accessing or using the Platform, you are automatically accepting and agreeing to the most-recent version of this Privacy Policy, as well as the Site’s and the App’s Terms and Conditions, and your continuing visit, access or use of the Site or the App reaffirms your acceptance and agreement in each instance.

2. Changes to this Privacy Policy

We may change this Privacy Policy from time to time. If we make changes, we will notify you by posting the updated policy on our Platform and revising the “Last Updated” date above. We encourage you to review the Privacy Policy whenever you use our Services to stay informed about our information practices and about ways you can help protect your privacy.

3. Confidentiality of Health Information

Health information that Company receives and/or creates about you, personally, relating to your past, present, or future health, treatment, or payment for healthcare services, may be “protected health information” under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and the Health Information Technology for Economic and Clinical Health Act (“HITECH Act”). Your health information may also be protected by state privacy laws and regulations.

Company understands that health information about you and your health is personal. We support your privacy and ensure that the transmittal and use of your information complies with all laws, except to the extent that you have authorized Company to transmit information to you by other means. In this regard, where applicable, we comply with HIPAA, HITECH, and other relevant state laws and regulations by entering into Business Associate Agreements with the treatment providers for which we provide services to ensure that your protected health information is appropriately safeguarded.

You will find more specific information below in the Notice of Privacy Practices about how we collect your protected health information, how we use or disclose it, and what your rights are regarding your protected health information.

4. Use of Services

Your access to and use of our Services are subject to certain terms and conditions, which are set forth in our Terms of Use and Telehealth Authorization and Consent.

5. Collection of Information

5.1 Information You Provide

We collect information you provide, such as when you email us, sign up through our Platform, or submit information through our Platform. We may collect, but are not limited to collecting, the following information: your name, gender, email address, mailing address, phone number, date of birth, payment and bank information provided through the use of our website.

5.2 Children

Company provides content on its Platform intended for use only by persons eighteen (18) years of age and older. Neither the Site nor the App is designed or intended to attract and is not directed to, children under 18 years of age, let alone children under thirteen (13) years of age. Company does not knowingly collect or maintain personally identifiable information from persons under 18 years of age without verifiable parental consent. If you are under 18 years of age, then please do not use the Services without parental consent.

If Company learns that personally identifiable information of persons less than 18 years of age has been collected without verifiable parental consent, then Company will take the appropriate steps to delete this information. If you are a parent and know that your child of less than 18 years of age is using our Platform, you can make a request to delete their information (“Request for Removal of Minor Information”) from our Platform by contacting us at Privacy@Hellowisp.com.

Please submit any such Request for Removal of Minor Information to any one of the following:

1. By e-mail:Privacy@Hellowisp.com., with a subject line of “Removal of Minor Information”.

2. By U.S. mail: If you send a Request for Removal of Minor Information by mail, then please do so by U.S. Certified Mail, Return Receipt Requested to allow for confirmation of mailing, delivery and tracking. Company will not accept any Request for Removal of Minor Information via telephone or facsimile. Company is not responsible for failing to comply with any Request for Removal of Minor Information that is incomplete, incorrectly labeled or incorrectly sent.

Address: 548 Market St, PMB 52789 San Francisco, California 94104

For each Request for Removal of Minor Information, please state “Removal of Minor Information” in the e-mail or letter subject line, and clearly state the following in the body:

  • the nature of your request;
  • the identity of the content or information to be removed;
  • whether such content or information if found on the Site or the App;
  • the location on content or information on the Site or the App (e.g., providing the URL for the specific web page the content or information is found on);
  • that the request is related to the “Removal of Minor Information;”
  • your name, street address, city, state, zip code and e-mail address; and
  • whether you prefer to receive a response to your request by mail or e-mail.

Please note that the aforementioned removal does not ensure complete or comprehensive removal of such content or information posted on the Site or the App.

Also, please note that Company is not required to erase or otherwise eliminate, or to enable erasure or elimination of, such content or information in certain circumstances, such as, for example, when an international, federal, state, or local law, rule or regulation requires wisp to maintain the content or information; when the content or information is stored on or posted to the Site by a third party other than you (including any content or information posted by you that was stored, republished or reposted by the third party); when Company anonymizes the content or information so that you cannot be individually identified; when you do not follow the aforementioned instructions for requesting the removal of the content or information; and when you have received compensation or other consideration for providing the content or information.

The foregoing is a description of Company’s voluntary practices concerning the collection of personal information through the Site from certain minors, and is not intended to be an admission that Company is subject to the Children’s Online Privacy Protection Act, the Federal Trade Commission’s Children’s Online Privacy Protection Rule(s), or any similar international, federal, state, or local laws, rules, or regulations.

5.3 Information We Collect from Your Use of the Services

We collect information about you when you use our Platform, including, but not limited to the following:

  • Account Information. When you register with us using the Platform to create an account and become a registered user, you will need to provide us with certain personally identifiable information to complete the registration, including information that can be used to contact or identify you and payment or other billing information in some cases.
  • Device Information. We may automatically collect certain information about the computer or devices (including mobile devices) you use to access the Services. For example, we may collect and analyze information such as (a) IP addresses, geolocation information (as described in the next section below), unique device identifiers and other information about your mobile phone or other mobile device(s), browser types, browser language, operating system, the state or country from which you accessed the Services; and (b) information related to the ways in which you interact with the Services, such as: referring and exit pages and URLs, platform type, the number of clicks, domain names, landing pages, pages and content viewed and the order of those pages, the amount of time spent on particular pages, the date and time you used the Services, the frequency of your use of the Services, error logs, and other similar information. As described further below, we may use third-party analytics providers or service providers and technologies, including cookies and similar tools, to assist in collecting this information.
  • Location Information. We may collect different types of information about your location, including general information (e.g., IP address, zip code) and more specific information (e.g., GPS-based functionality on mobile devices used to access the Services), and may use that information to customize the Services with location-based information, advertising, and features. For example, if your IP address indicates an origin in Los Angeles, California, the Services may be customized with Los Angeles-specific information and advertisements. In order to do this, your location information may be shared with our agents, third party vendors or third party advertisers. If you access the Services through a mobile device and you do not want your device to provide us with location-tracking information, you can disable the GPS or other location-tracking functions on your device, provided your device allows you to do this. See your device manufacturer’s instructions for further details.
  • Cookies and Other Electronic Technologies. We may use the tools outlined below in order to better understand users. As we adopt additional technologies, we may also gather additional information through other methods. -- Cookies: “Cookies” are small computer files transferred to your computing device that contain information such as user ID, user preferences, lists of pages visited and activities conducted while using the Services. We use Cookies to help us improve or tailor the Services by tracking your navigation habits, storing your authentication status so you do not have to re-enter your credentials each time you use the Services, customizing your experience with the Services, and for analytics and fraud prevention.
    We may use a type of advertising commonly known as interest-based or online behavioral advertising, discussed in more detail below in the Section titled “Online Behavioral Advertising”. This means that some of our third-party business partners use Cookies to display Company ads on other websites and services based on information about your use of the Services and on your interests (as inferred from your online activity). Other Cookies used by our business partners may collect information when you use the Services, such as the IP address, mobile device ID, operating system, browser, web page interactions, the geographic location of your internet service provider, and demographic information such as sex and age range. These Cookies help Company learn more about our users’ demographics and internet behaviors.

For more information on cookies, visit http://www.allaboutcookies.org.

  • Web Beacons: ““Web Beacons” (a.k.a. clear GIFs or pixel tags) are tiny graphic image files imbedded in a web page or email that may be used to collect anonymous information about your use of our Services, the websites of selected advertisers, and the emails, special promotions or newsletters that we send you. The information collected by Web Beacons allows us to analyze how many people are using the Services, using the selected advertisers’ websites or opening our emails, and for what purpose, and also allows us to enhance our interest-based advertising.
  • Platform Analytics: We may use third-party analytics services in connection with the Platform, including, for example, to register mouse clicks, mouse movements, scrolling activity and text that you type into the Platform. These analytics services generally do not collect personal information unless you voluntarily provide it and generally do not track your browsing habits across sites which do not use their services. We use the information collected from these services to help make the Platform easier to use.
  • Mobile Device Identifiers: Mobile device identifiers are data stored on your mobile device that may track mobile device and data and activities occurring on and through it, as well as the applications installed on it. Mobile device identifiers enable collection of personal information (such as media access control, address and location) and traffic data. Mobile device identifiers help Company learn more about our users’ demographics and internet behaviors.
5.4 Information from Third Parties

We may obtain additional information about you from third parties such as marketers, partners, researchers, and others. We may combine information that we collect from you with information about you that we obtain from such third parties and information derived from any other subscription, product, or service we provide.

5.5 Aggregate or De-identified Data

We may aggregate and/or de-identify information collected by the Services or via other means so that the information is not intended to identify you. Our use and disclosure of aggregated and/or de-identified information is not subject to any restrictions under this Privacy Policy, and we may disclose it to others without limitation for any purpose, in accordance with applicable laws and regulations.

6. Use of Information

We use the information that we collect for the following purposes:

  • For the purposes for which you provided the information.
  • To contact you when necessary or requested.
  • To personalize your experience with the Services by informing you of products, programs, events, services, and promotions of Company, our affiliates, our partners and/or third parties that we believe may be of interest to you (see the “Opt-In Policy” below).
  • To fulfill your purchase from us, including, to process your payments, communicate with you regarding your purchase or provide you with related customer service.
  • To send mobile notifications (you may opt-out of this service).
  • To provide, maintain, administer, improve, or expand the Services, perform business analyses, or for other internal purposes to support, improve or enhance our business, the Services, and other products and services we offer.
  • To customize and tailor your experience of the Services.
  • To send emails and other communications that display content that we think will interest you and according to your preferences.
  • To send you news and information about our Services.
  • To track and analyze trends and usage in connection with our Services.
  • To better understand who uses the Services and how we can deliver a better user experience.
  • To combine information received from third parties with the information that we have from or about you and use the combined information for any of the purposes described in this Privacy Policy.
  • To conduct research and measurement activities for purposes of product and service research and development, advertising claim substantiation, market research, and other activities related to Company, the Site, the App and/or their respective products and/or services.
  • To place and track orders for prescription drugs and other products on your behalf.
  • To use statistical information that we collect in any way permitted by law, including from third parties in connection with their commercial and marketing efforts.
  • To prevent, detect, and investigate security breaches, fraud, and other potentially illegal or prohibited activities.
  • To enforce the legal terms that govern your use of the Services.
  • To protect our rights or property.
  • To administer and troubleshoot the Services.
  • For any other purpose disclosed to you in connection with our Services.

We may use third-party service providers to process and store personal information in the United States and other countries.

7. Sharing of Information

We may share personal information about you as follows:

  • With third parties to provide, maintain, and improve our Services, including service providers who access information about you to perform services on our behalf.
  • With our affiliates and partners, including Hemlock Medical Inc. and its contractors who may provide you healthcare services and pharmacies or other vendors that fill your prescription drugs or other healthcare-related product orders, so that they may use such information for the purposes described in this Privacy Policy.
  • With our affiliates, partners or other third parties to allow them to contact you regarding products, programs, services, and promotions that we and/or they believe may be of interest to you (See the “Opt-In Policy” below).
  • In connection with, or during the negotiation of, any merger, sale of Company stock or assets, financing, acquisition, divestiture or dissolution of all or a portion of our business (but only under non-disclosure and confidentiality agreements and protections).
  • If we believe that disclosure is reasonably necessary to comply with any applicable law, regulation, legal process or governmental request; to enforce applicable user agreements or policies; to protect the security or integrity of our Services; and to protect us, our users or the public from harm or illegal activities.
  • With your consent.

We may also share aggregated, non-personally identifiable information with third parties for any purpose because we have taken reasonable steps to carefully remove any identifiers that may personally identify you.

8. Opt-In Policy

When you supply us with personally identifiable information in connection with your use of the Services, you may be asked to indicate whether you are interested in receiving information from us about our product and service offerings and if you would like us to share personally identifiable information about you with our affiliates, partners or other third parties for their marketing purposes. If you do choose to opt-in, you will receive such communications and/or we will share your information in accordance with your “opt-in” consent.

You may, of course, choose not to receive additional marketing information from us or choose not to allow our sharing of your personally identifiable information as follows: at any time, you can follow a link provided in our marketing-related email messages (but excluding e-commerce confirmations and other administrative emails) to opt out from receiving such communications; or at any time, you can contact us in accordance with the “Contact Us” section below to opt out from receiving such communications.

If you decide to contact us to change your contact preferences to opt out of receiving communications from us, please specify clearly which of the following choices you are opting out of: (a) receiving marketing communications from us; (b) allowing us to share personally identifiable information about you with our affiliates and partners for their marketing purposes; and/or (c) allowing us to share personally identifiable information about you with other third parties for their marketing purposes.

We will endeavor to implement your requested change as soon as reasonably practicable after receiving your request. Please be aware that your requested change will not be effective until we implement such change. Please note that if you choose not to allow our sharing of your personally identifiable information, we are not responsible for removing your personally identifiable information from the databases of third parties with which we have already shared your personally identifiable information as of the date that we implement your request. If you wish to cease receiving marketing-related e-mails from these third parties, please contact them directly or utilize any opt-out mechanisms in their privacy policies or marketing-related e-mails.

Please note that if you do opt-out of receiving marketing-related messages from us, we may still send you important administrative messages. You cannot opt-out from receiving these administrative messages. We reserve the right, from time to time, to contact former customers or users of the Services for administrative purposes or in order to comply with applicable laws, rules or regulations.

9. Social Media and Third Party Platforms

Certain sections or functionalities on our Platform’s Services you engage with may permit you to share information on websites that are owned or operated by other companies, including third party social media sites or platforms such as Facebook, Instagram, LinkedIn, Twitter, or other similar sites (collectively, “Third-Party Websites”). When you use a link online to visit a Third-Party Website, you will be subject to that website’s privacy and security practices, which may differ from ours. You should familiarize yourself with the privacy policy, terms of use and security practices of the linked Third-Party Website before providing any information on that website. Company does not own or control such Third-Party Websites, and posting your information on Third-Party Websites is subject to the third party’s Privacy Policy and other legal terms, which may not provide privacy protections with which you agree. Company is not responsible for any act or omission of any Third-Party Website, nor are we responsible for the consequences of your choice to share your information on Third-Party Websites.

10. Security

We take reasonable measures, including administrative, technical, and physical safeguards, to help protect personal information from loss, theft, misuse, unauthorized access, disclosure, alteration, and destruction. Unfortunately, no data transmission over the Internet can be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, Company cannot ensure or warrant the security of any information you transmit to us or from our online products or services, and you do so at your own risk. Please note that information you send to us electronically may not be secure when it is transmitted to us. We recommend that you do not use unsecure channels to communicate sensitive or confidential information (such as your Social Security number) to us. To help maintain the security of your personal information, we ask that you please notify us immediately of any unauthorized visit, access or use of the Site and/or the App, or the loss or unauthorized use of your user access information for the Site and/or the App (e.g., username or password).

11. Your Privacy Choices

11.1 How You Can Access and Update Your Information

You may update or correct information about yourself at any time or by emailing us at Privacy@Hellowisp.com

11.2 Cookies

Most web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove or reject cookies; however, our Services may not function properly if you do so.

11.3 Options for Opting out of Cookies and Mobile Device Identifiers

If you are interested in more information about online behavioral advertising/interest-based advertising and how you can generally control cookies from being put on your computer to deliver tailored advertising, you may visit the Network Advertising Initiative’s Consumer Opt-Out link, the Digital Advertising Alliance’s Consumer Opt-Out link or TRUSTe’s Advertising Choices Page to opt-out of receiving tailored advertising from companies that participate in those programs.

Please note that even after opting out of interest-based advertising, you may still see Company’s advertisements that are not interest-based (i.e., not targeted toward you). Also, opting out does not mean that Company is no longer using its tracking tools—Company still may collect information about your use of the Services even after you have opted out of interest-based advertisements and may still serve advertisements to you via the Services based on information it collects via the Services.

11.4 How Company Responds to Browser “Do Not Track” Signals

We are committed to providing you with meaningful choices about the information collected on our Platform for third-party purposes, which is why we provide above the Network Advertising Initiative’s “Consumer Opt-out” link, Digital Advertising Alliance’s Consumer Opt-Out Link, and TRUSTe’s Advertising Choices page. However, we do not recognize or respond to browser-initiated Do Not Track signals, as the Internet industry is currently still working on Do Not Track standards, implementations and solutions. For more information about DNT signals, visit http://allaboutdnt.com.

Our Services may contain links to other Third-Party Websites, and those websites may not follow the same privacy practices as Company. We are not responsible for the privacy practices of Third-Party Websites. We encourage you to read the privacy policies of such third parties to learn more about their privacy practices.

11.6 No Rights of Third Parties

This Privacy Policy does not create rights enforceable by third parties.

11.7 How to Contact Us

Please contact us with any questions or concerns regarding this Privacy Policy at Privacy@Hellowisp.com.

12. Notice of Privacy Practices

Company is dedicated to maintaining the privacy of your protected health information (“PHI”). PHI is information about you that may be used to identify you (such as your name, social security number or address), and that relates to (a) your past, present or future physical or mental health or condition, (b) the provision of healthcare to you, or (c) your past, present, or future payment for the provision of healthcare. In conducting its business, Company may receive and create records containing your PHI. Company is required by law to maintain the privacy of your PHI and to provide you with notice of its legal duties and privacy practices with respect to your PHI.

Company must abide by the terms of this Notice while it is in effect. This Notice is in effect from the date noted above until Company replaces it. Company reserves the right to change the terms of this Notice at any time, as long as the changes are in compliance with applicable law. If Company changes the terms of this Notice, the new terms will apply to all PHI that it maintains, including PHI that was created or received before such changes were made. If Company changes this Notice, it will post the new Notice on its Platform and will make the new Notice available upon request.

12.1 Uses and Disclosures of PHI

Company may use and disclose your PHI in the following ways:

  1. Treatment, Payment and Healthcare Operations. Company is permitted to use and disclose your PHI for purposes of (a) treatment, (b) payment and (c) healthcare operations. For example: -Treatment. Company may disclose your PHI to a provider in connection with the provision of treatment to you -Payment. Company may use and disclose your PHI to your health insurer or health plan in connection with the processing and payment of claims and other charges. -Healthcare Operations. Company may use and disclose your PHI in connection with its healthcare operations, such as providing customer services and conducting quality review assessments. Company may engage third parties to provide various services for Company. If any such third party must have access to your PHI in order to perform its services, Company will require that third party to enter an agreement that binds the third party to the use and disclosure restrictions outlined in this Notice.
  2. Authorization. Company is permitted to use and disclose your PHI upon your written authorization, to the extent such use or disclosure is consistent with your authorization. You may revoke any such authorization at any time.
  3. As Required by Law. Company may use and disclose your PHI to the extent required by law.
  4. Special Circumstances. The following categories describe unique circumstances in which Company may use or disclose your PHI: -Public Health Activities. Company may disclose your PHI to public health authorities or other governmental authorities for purposes including preventing and controlling disease, reporting child abuse or neglect, reporting domestic violence and reporting to the Food and Drug Administration regarding the quality, safety and effectiveness of a regulated product or activity. Company may, in certain circumstances disclose PHI to persons who have been exposed to a communicable disease or may otherwise be at risk of contracting or spreading a disease or condition. -Workers’ Compensation. Company may disclose your PHI as authorized by, and to the extent necessary to comply with, workers’ compensation programs and other similar programs relating to work-related illnesses or injuries. -Health Oversight Activities. Company may disclose your PHI to a health oversight agency for authorized activities such as audits, investigations, inspections, licensing and disciplinary actions relating to the healthcare system or government benefit programs. -Judicial and Administrative Proceedings. Company may disclose your PHI, in certain circumstances, as permitted by applicable law, in response to an order from a court or administrative agency, or in response to a subpoena or discovery request. -Law Enforcement. Company may, under certain circumstances, disclose your PHI to a law enforcement official, such as for purposes of identifying or locating a suspect, fugitive, material witness or missing person. -Decedents. Company may, under certain circumstances, disclose PHI to coroners, medical examiners and funeral directors for purposes such as identification, determining the cause of death and fulfilling duties relating to decedents. -Organ Procurement. Company may, under certain circumstances, use or disclose PHI for the purposes of organ donation and transplantation. -Research. Company may, under certain circumstances, use or disclose PHI that is necessary for research purposes. -Threat to Health or Safety. Company may, under certain circumstances, use or disclose PHI if necessary to prevent or lessen a serious and imminent threat to the health or safety of a person or the public. -Specialized Government Functions. Company, may in certain situations, use and disclose PHI of persons who are, or were, in the Armed Forces for purposes such as ensuring proper execution of a military mission or determining entitlement to benefits. Company may also disclose PHI to federal officials for intelligence and national security purposes.
12.2 Your Rights Regarding Your PHI.

You have the following rights regarding the PHI maintained by Company :

  1. Confidential Communication. You have the right to receive confidential communications of your PHI. You may request that Company communicate with you through alternate means or at an alternate location, and Company will accommodate your reasonable requests. You must submit your request in writing to Company.
  2. Restrictions. YYou have the right to request restrictions on certain uses and disclosures of PHI for treatment, payment or healthcare operations. You also have the right to request that Company limits its disclosures of PHI to only certain individuals involved in your care or the payment of your care. You must submit your request in writing to Company. Company is not required to comply with your request. However, if Company agrees to comply with your request, it will be bound by such agreement, except when otherwise required by law or in the event of an emergency.
  3. Inspection and Copies. YYou have the right to inspect and copy your PHI. You must submit your request in writing to Company. Company may impose a fee for the costs of copying, mailing, labor and supplies associated with your request. Company may deny your request to inspect and/or copy your PHI in certain limited circumstances. If that occurs, Company will inform you of the reason for the denial, and you may request a review of the denial.
  4. Amendment. You have a right to request that Company amend your PHI if you believe it is incorrect or incomplete, and you may request an amendment for as long as the information is maintained by Company. You must submit your request in writing to Company and provide a reason to support the requested amendment. Company may, under certain circumstances, deny your request by sending you a written notice of denial. If Company denies your request, you will be permitted to submit a statement of disagreement for inclusion in your records.
  5. Accounting of Disclosures. You have a right to receive an accounting of all disclosures Company has made of your PHI. However, that right does not include disclosures made for treatment, payment or healthcare operations, disclosures made to you about your treatment, disclosures made pursuant to an authorization, and certain other disclosures. You must submit your request in writing to Company and you must specify the time period involved (which must be for a period of time less than six years from the date of the disclosure). Your first accounting will be free of charge. However, Company may charge you for the costs involved in fulfilling any additional request made within a period of 12 months. Company will inform you of such costs in advance, so that you may withdraw or modify your request to save costs.
  6. Breach Notification. You have the right to be notified in the event that Company (or a Company Business Associate) discovers a breach of unsecured PHI.
  7. Paper Copy. You have the right to obtain a paper copy of this Notice from Company at any time upon request. To obtain a paper copy of this notice, please contact Company by calling (415) 209-5810.
  8. Complaint. You may complain to Company and to the Secretary of the Department of Health and Human Services if you believe that your privacy rights have been violated. To file a complaint with Company, you must submit a statement in writing to Company at Privacy@Hellowisp.com. Company will not retaliate against you for filing a complaint.
  9. Further Information. If you would like more information about your privacy rights, please contact Company by calling (415) 209-5810 and ask to speak to the Privacy and Security Officer. To the extent you are required to send a written request to Company to exercise any right described in this Notice, you must submit your request to Privacy@Hellowisp.com.

13. State Specific Policies

If you are a resident of California, Virginia, or Colorado, you have the following rights under the California Consumer Privacy Act (“CCPA”), as amended by the California Privacy Rights Act, Colorado Privacy Act (“CPA”), and Virginia Consumer Data Protection Act (“VCDPA”). In the event of any conflict between the terms of this section and the rest of the Privacy Policy, the terms of this section prevail.

This Consumer Privacy Notice (the “State Privacy Notice”) supplements Company’s Privacy Policy and applies solely to the personal information and sensitive personal information of California consumers collected by Company. This State Privacy Notice also applies to Company’s contractors and job applicants.

13.1 Collecting and Using Your Personal Information

The following lists the categories of Personal Information which Company collects or may collect. Company may collect this information from you or our service providers. For more information on where and how Company collects information, see Section 5 above and Section 13.2 below. The purposes for which Company collects the Personal Information are described in Section 6 above and Section 13.3 below. Company will retain the Personal Information for so long as you are a user of the service plus 6 years before permanently deleting it.

  • Identifiers

Identifiers such as a real name, postal address, unique personal identifier (such as a device identifier; cookies, beacons, pixel tags, mobile ad identifiers and similar technology); telephone number, online identifier, internet protocol address, email address, Social Security number, driver’s license number, passport number, and other similar identifiers.

  • Additional Data Subject to Cal. Civ. Code § 1798.80

Signature, physical characteristics or description, state identification card number, insurance policy number, education, bank account number, credit card number, debit card number, and other financial information, medical information, and health insurance information

  • Characteristics of Protected Classifications

Characteristics of protected classifications under California or federal law, such as race, color, national origin, religion, age, sex, gender, gender identity, gender expression, sexual orientation, marital status, medical condition, ancestry, genetic information, disability, citizenship status, and military and veteran status

  • Commercial Information

Commercial information, including records of personal property, products or services purchased, obtained, or considered, and other purchasing or consuming histories or tendencies

  • Biometric Information

An individual’s physiological, biological, or behavioral characteristics, including an individual’s deoxyribonucleic acid (DNA), that can be used, singly or in combination with each other or with other identifying data, to establish individual identity. Biometric information includes, but is not limited to, imagery of the iris, retina, fingerprint, face, hand, palm, vein patterns, and voice recordings, from which an identifier template, such as a faceprint, a minutiae template, or a voiceprint, can be extracted, and keystroke patterns or rhythms, gait patterns or rhythms, and sleep, health, or exercise data that contain identifying information.

  • Online Activity

Internet and other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding your interaction with websites, applications or advertisements

  • Geolocation Data

Physical Location or Movements

  • Sensory Information

Audio, electronic, visual, thermal, olfactory or similar information

  • Employment Information

Professional or employment-related information

  • Non-public education information

Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.

  • Inferences

Inferences drawn from any of the information identified above to create a profile about you reflecting your preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes

  • Sensitive Personal Information (as defined in Cal. Civ. Code § 1798.140)

Personal Information that reveals:

  1. A consumer’s social security, driver’s license, state identification card, or passport number.
  2. A consumer’s account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account.
  3. A consumer’s precise geolocation.
  4. A consumer’s racial or ethnic origin, religious or philosophical beliefs, or union membership.
  5. The contents of a consumer’s mail, email, and text messages unless the business is the intended recipient of the communication.
  6. A consumer’s genetic data;

or

  1. The processing of biometric information for the purpose of uniquely identifying a consumer;
  2. Personal Information collected and analyzed concerning a consumer’s health; or
  3. Personal Information collected and analyzed concerning a consumer’s sex life or sexual orientation.

Personal Information does not include:

  • Publicly available information from government records;
  • Deidentified or aggregated consumer information;
  • Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data;
  • Personal Information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994.
13.2 Sources of Personal Information

We obtain the categories of Personal Information listed above from the following categories of sources:

  • Directly from You. For example, from the forms you complete on our Service, preferences you express or provide through our Service, or from your purchases on our Service.
  • Indirectly from You. For example, from observing your activity on our Service.
  • Automatically from You. For example, through cookies we or our service providers set on your device as you navigate through our Service.
  • From Service Providers. For example, third-party vendors to monitor and analyze the use of our Service, third-party vendors for payment processing, or other third-party vendors that we use to provide the Service to you.
13.3 Purposes for Collecting Personal Information

In addition to using Personal Information as set forth in the Privacy Notice, Company may use your Personal Information for the following business purposes:

  1. To operate our Service and provide you with our Service.
  2. To provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our Service.
  3. To fulfill or meet the reason you provided the information. For example, if you share your contact information to ask a question about our Service, we will use that Personal Information to respond to your inquiry. If you provide your Personal Information to purchase a product or service, we will use that information to process your payment and facilitate delivery.
  4. To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
  5. As described to you when collecting your Personal Information or as otherwise required by law.
  6. For internal administrative and auditing purposes.
  7. To detect security incidents and protect against malicious, deceptive, fraudulent or illegal activity, including, when necessary, to prosecute those responsible for such activities.

If we decide to collect additional categories of Personal Information or use the Personal Information we collected for materially different, unrelated, or incompatible purposes we will update this State Privacy Notice.

13.4 Sale of Personal Information

Company does not sell Personal Information in exchange for monetary compensation or other valuable consideration and has not sold any Personal Information in the past twelve (12) months. While we do not sell any data of our customers, this website uses cookies. Cookies are used to improve user experience, track anonymous site usage, store authorization tokens, enhance users experience of site usability, marketing activities, and permit sharing on social media networks voluntarily by customers (please see our Privacy Policy for a full description of how we use your data). In certain cases, sharing data with these providers could be considered a “sale” under certain state laws even though it is not a sale in the traditional sense. We are therefore giving residents of states where such laws may apply the ability to opt out of the cookies and trackers that may fall under the definition of “sale.”

Please note: If you opt out of these cookies and trackers, your web experience may be severely degraded.

To opt out of these cookies and trackers, please contact us at Privacy@hellowisp.com or by phone at (415) 209-5810.

13.5 Sharing of Personal Information

During the twelve (12) months prior to the effective date of this State Privacy Notice, Company may have collected the categories of Personal Information listed below and shared your Personal Information with Service Providers/Contractors and/or Third Parties listed in the next section:

  • Identifiers
  • Personal Information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))
  • Commercial information
  • Internet or other similar network activity

When we share Personal Information for a business purpose with a third party, we enter into a contract with that third party that describes the purpose and requires the recipient to both keep that Personal Information confidential and not use it for any purpose except performing the contract.

We may share your Personal Information identified in the above categories with the following categories of Service Providers or Third Parties:

  • Service Providers
  • Payment processors
  • Our affiliates
  • Our business partners
  • Third party vendors to whom you or your agents authorize Us to disclose your Personal Information in connection with products or services we provide to you.
13.6 Collection of Personal Information of Minors Under 16 Years of Age

We do not knowingly collect Personal Information from minors under the age of 16 through our Service, although certain third party websites that we link to may do so. These third-party websites have their own terms of use and privacy policies and we encourage parents and legal guardians to monitor their children’s Internet usage and instruct their children to never provide information on other websites without their permission.

We do not sell or share the Personal Information of Consumers we actually know are less than 16 years of age.

If you have reason to believe that a child under the age of 16 has provided Us with Personal Information, please contact Us with sufficient detail to enable Us to delete that information.

13.7 Automated Decision-Making or Profiling

We may in some cases use automated decision-making if it is authorized by legislation, if you have provided an explicit consent or if it is necessary for the performance of a contract. When using automated decision-making, we will provide you with further information about the logic involved, as well as the significance and the envisaged consequences to you.

You can always express your opinion about a decision based solely on automated processing, including profiling, if such a decision would produce legal effects (e.g. contract cancellation) or otherwise similarly significantly affect you (e.g. refusal of an online application).

13.8 Your Consumer Privacy Rights

You have the following rights:

  • The right to access Personal Information. You have the right to be notified which categories of Personal Information are being collected and the purposes for which the Personal Information is being used.
  • The right to request. You have the right to request that we disclose information to you about our collection, use, sale, disclosure for business purposes and share of Personal Information, including Specific Categories of Information and Specific Pieces of Information. Once we receive and confirm your request, we may disclose to you:
  • The categories of Personal Information we collected about you;
  • The categories of sources for the Personal Information we collected about you;
  • Our business or commercial purpose for collecting or selling that Personal Information;
  • The categories of third parties with whom we share that Personal Information;
  • The specific pieces of Personal Information we collected about you;
  • If we sold your Personal Information or disclosed your Personal Information for a business purpose, we will disclose to you: The categories of Personal Information categories sold; The categories of Personal Information categories disclosed.
  • The right to correct your Personal Information. Subject to certain exceptions, you have the right to request that we correct certain Personal Information we have collected from you. To submit a correction request, please contact us via email at privacy@hellowisp.com.
  • The right to say “no” to the sale of Personal Information(opt-out). In the future, if Company decides to sell your Personal Information, you have the right to direct Us to not sell your Personal Information by submitting an “opt-out” request through our website from each device where you access the Services.
  • The right to say “no” to the sharing of Personal Information (opt-out). In the future, if Company decides to sell your Personal Information, you have the right to direct Us to not sell your Personal Information by submitting an “opt-out” request through our website from each device where you access the Services.
    Platform
    You can access the “Do Not Sell or Share My Personal Information” link in the footer of the website. Alternatively, you may also contact us via email at Privacy@Hellowisp.com or by phone at (415) 209-5810.
  • The right to limit the use or disclosure of Sensitive Personal Information: Subject to certain exceptions, you have the right to request that we limit the use or disclosure of Sensitive Personal Information we have collected from you. To submit a request to limit the use or disclosure of sensitive Personal Information, please contact us via email at Privacy@Hellowisp.com or by phone at (415) 209-5810.
  • The right to delete Personal Information. You have the right to request the deletion of your Personal Information, subject to certain exceptions. Once we receive and confirm your request, we will delete (and direct our service providers to delete) your Personal Information from our records, unless an exception applies. We may deny your deletion request if retaining the information is necessary for us or our service providers to:
  • Complete the transaction for which we collected the Personal Information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
  • Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
  • Debug products to identify and repair errors that impair existing intended functionality.
  • Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
  • Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
  • Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
  • Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with Us.
  • Comply with a legal obligation.
  • Make other internal and lawful uses of that information that are compatible with the context in which you provided it. To submit a deletion request, please contact us via email at Privacy@Hellowisp.com.
  • The right not to be discriminated against. You have the right not to be discriminated against for exercising any of your consumer’s rights, including by:
  • Denying goods or services to you
  • Charging different prices or rates for goods or services, including the use of discounts or other benefits or imposing penalties
  • Providing a different level or quality of goods or services to you
  • Suggesting that you will receive a different price or rate for goods or services or a different level or quality of goods or services
13.9 Exercising Your Data Protection Rights

In order to exercise any of your rights, you can contact us by sending us an email: Privacy@Hellowisp.com or by phone at (415) 209-5810.

Only you, or a person you authorize to act on your behalf (your “Authorized Agent”), may make a request related to your Personal Information – Request to Know, Request to Correct, or Request to Delete.

We will not discriminate or retaliate against you if you choose to exercise any of your rights under the law. We are permitted, however, to charge you a reasonable fee to comply with your request.

Your request to us must:

  • Provide sufficient information that allows Us to reasonably verify you are the person about whom we collected Personal Information or an authorized representative
  • Describe your request with sufficient detail that allows Us to properly understand, evaluate, and respond to it.

Please know that before we can respond to your request about whether we can comply with or will deny your request, we must do the following:

  • Verify your identity or the identity of your Authorized Agent to make the request and
  • Confirm that the Personal Information relates to you.

What Our Verification Process Looks Like:

  1. Identity Verification: For us to process some requests, we will need to verify your identity to confirm that the request came from you. We may contact you by phone or e-mail to verify your request. Depending on your request, we will ask for information such as your name, an e-mail address that you have used with Wisp, or a phone number you have used with Wisp. For certain requests, we may also ask you to provide details about your most recent order.

  2. Authorized Agents: If you ask an Authorized Agent to submit a request to delete, request to correct, or a request to know, we may require the Authorized Agent to provide proof that you gave the Authorized Agent signed permission to submit the request. We may also require you to do either of the following: Verify your own identity directly with the business, or Directly confirm with the business that you provided the Authorized Agent permission to submit the request.

Request Response Time:

  • Whether or not we can successfully verify your identity, we will respond to you within 45 calendar days of receiving your request to know, requests to correct, or requests to delete and inform you whether we can comply with or have to deny your request.
  • If we successfully verify your identity, we will disclose and deliver the required information free of charge within 45 days of receiving your verifiable request.
  • Please know that the time period to provide the required information may be extended once by an additional 45 days when reasonably necessary and with prior notice for a total of 90 calendar days in which we will do our best to verify your identity and comply with your request.

Any disclosures we provide will only cover the 12-month period preceding the verifiable request’s receipt.

For data portability requests, we will select a format to provide your Personal Information that is readily usable and should allow you to transmit the information from one entity to another entity without hindrance.