QDX™ HEALTHID PRIVACY NOTICE

 

By using our Website or App, you consent to our collection, use, and sharing of your Personal Data as described in this Policy. If you do not consent to this Policy, please do not use the Website or App. We use the information for the purposes explained at the time of collection, as described in this Policy, in the Informed Consent page, and our Terms of Use page.

   I. SCOPE AND PURPOSE
   II. WHO IS QDX™ HEALTHID INCORPORATED?
   III. WHAT IS THE QDX™ HEALTHID?
   IV. WHAT INFORMATION DO WE COLLECT?
   V. HOW DO WE COLLECT YOUR INFORMATION?
   VI. HOW DO WE USE YOUR INFORMATION?
   VII. SHARING AND DISCLOSING YOUR INFORMATION
   VIII. YOUR RIGHTS AND CHOICES
   IX. MINORS
   X. INTERNATIONAL TRANSFER
   XI. PRIVACY NOTICE FOR CALIFORNIA RESIDENTS
   XII. UPDATES TO THIS NOTICE
   XIII. CONTACT INFORMATION

I. SCOPE AND PURPOSE

 QDX™ HealthID, Incorporated (hereinafter “QDXH,” “we,” “us,” and “our”), a wholly-owned subsidiary of Quantum Materials Corp (“QMC”), and its members, subsidiaries, and affiliates value your privacy and the confidentiality of the information you choose to share. This privacy notice (“Policy”) describes how we may collect, use, process, and share information about you that we obtain through our website www.qdxhealthid.com (“Website”) and the QDX™ HealthID application (“Application” or “App”), which is powered by the patent-pending QDX™ Platform. This Policy also applies to electronic communications, including emails and texts, between you and our Website and the App, and when you interact with our approved advertising and applications on third-party websites and services if those advertising and applications include links to this Policy.

 This Policy does not apply to information (1) obtained by us offline or any other means, including other websites (operated by QMC, QDXH, or any third-party) that post different privacy statements, or (2) collected by your healthcare provider, any public health agency or any other third-party for that matter, including your employer, through any website, application or content (including advertising) that may link to or be accessible from or on the Website or App. We do not control, and are not responsible for, the privacy practices of, or the information available on, the websites and applications of those other third parties or entities. We urge you to evaluate the soundness of the privacy practices of those websites and applications for yourself.

II. WHO IS QDX HEALTHID INCORPORATED?

 QDXH is a wholly-owned subsidiary of QMC, a U.S.-based leader in quantum dot production. QMC developed a patent-pending blockchain-enabled platform designed to ensure authenticity and validation of people, products, and processes (the “QDX™ Platform”). QMC’s subsidiary, QDXH, has licensed that technology as the foundational platform for the QDX™ HealthID. For more information about QMC, please refer to its website at www.quantummaterialscorp.com.

III. WHAT IS THE QDX™ HealthID?

 QDX™ HealthID is an application-based platform that allows individuals to share their Health Status. “Health Status” means the recording of the outcome and data around specific events related to your health, and the QDX “HealthID” refers to the data that comprises your Health Status as it is displayed on your smartphone with a QR code and color-coded indicators. As such, QDX™ HealthID provides an easy to manage HealthID that can be configured to comply with the health status compliance requirements of different governments, health agencies, companies, restaurants, employers—anyone who seeks to visibility into the Health Status of a workforce, visitors, or other third parties entering a site or attending an event. To learn more about QDX™ HealthID, please visit the Website and review further details about the App in the App’s Terms of Use.

IV. WHAT INFORMATION DO WE COLLECT?

Use of the App involves downloading the App to your mobile device and reading and accepting the Terms of Use, the Informed Consent, and this Privacy Policy (collectively “Related Agreements”). If you do not agree with the Related Agreements, do not download the App and do not create an Account.

If you choose to accept the terms of the Related Agreements, you register to use the App by creating an account. Creating an account requires that you give us certain information, a name and email address, and your creating a password with multi-factor authentication. The App asks you to display a photo identification, such as a driver’s license or passport, which is scanned within the App and verified by a third-party vendor. Accordingly, we may collect different types of information about you when you visit our Website or use our App, including information:

  1. by which you may be personally identified, such as: name; home, work, billing, and shipping address; e-mail address; telephone numbers; place and date of birth; government or license identification numbers, including National Provider Identifier (“NPI”) numbers issued to health care service providers in the United States; driver’s license numbers; any and all information included on your photo identification, front and back (such as height, weight, eye color, corrective lenses requirements, organ donor status and any other information the issuing authority displays on your driver’s license or passport), photos, audio, and video of you; your gender; health information obtained during the testing process—a temperature reading, test results, or your answers to a checklist of symptoms; or any other identifier by which you may be contacted online or offline (all of the foregoing collectively, “Personally Identifiable Information” or “PII”). PII could also be information you provide concerning others, such as family members; and
  2. that is about you but individually does not identify you, such as traffic data, location data, logs, referring/exit pages, date and time of your visit to our Website or use of our App, error information, clickstream data, and other communication data and the resources that you access and use on the Website or through our App, or your internet connection, the equipment you use to access our Website or use our App and usage details (collectively, “Non-Personally Identifiable Information” or “NPII”).
  3. PII and NPII are known, collectively, as Personal Data.

V.  HOW DO WE COLLECT YOUR INFORMATION?

1. Directly - from you

   a. When you register to create an account for use in the App or sign up for updates on our Website; 

   b. When you enter information in connection with an inquiry into our services or request that we send you updates, or when you complete forms on our Website or in the App; and 

   c. When you report a problem with our Website or App to us.

  1. Indirectly - from third parties

   a. From third parties who may have access to your Personal Data. These third parties include our customers and other third-party service providers to whom you may have submitted your information, for example, your employer or a service provider who may have purchased or licensed from QDXH products and services implementing the App and Service for use with a workforce, a work site, or the service provider’s own customers; and

   b. From other secondary sources, including but not limited to social networks, such as LinkedIn, among others, when you engage with our content, reference our Website or App, or grant us permission to access information from the social networks, customers that offer co-branded services or customers who offer the App and its Services under their company name, sell or distribute our products (including the QDX™ HealthID), or engage in joint marketing activities, and information that is publicly available.

If we acquired all or some of your Personal Data from any third party, we will use such Personal Data consistent with this Policy. We do not control how your Personal Data may be used by the third party to whom you submitted it.

  1. Automatically - using cookies and other technologies

   a. Like many websites, we use cookies, web beacons, and similar technologies to record your preferences, track the use of our Website, and collect information. This information may include but is not limited to internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and/or clickstream data; and

    b. Using tracking technologies provided by third parties. This information collected by third parties for us will be subject to their privacy policies and/or terms of service.

   c. The App collects and uses technical data regarding your mobile device, system and application software and peripherals to facilitate product support and updates and evaluate and improve the functionality of the App and the Service.

VI.  HOW DO WE USE YOUR INFORMATION?

The Personal Data we collect from you may be required for the following uses:

  1. Create and manage your account on the Website and App and to provide you with our products and services. With regard to the App specifically, the Service holds a minimal amount of information about you. The data from your photo identification, including the photograph itself, is used to verify your identity at the time you register for an account so your test results can be tied to and authenticated in relation to a particular test kit and testing process. After verification of your identity, your identity exists in a de-identified manner on the QDX™ HealthID Platform. The data that comprises your Health Status is stored in a separate secure, cloud-hosted database that includes the safeguards legally required for both the transmission and the storage of personal and medical information. This hosted database, with de-identified data about your Health Status, may be accessible to (i) researchers, policymakers, and health care authorities for data required to address public health issues and (ii) QDXH customers who may be your employer or an entity or person providing you with a service or product.
  2. Enter into a contract, on your behalf, with QDXH, or for QDXH to perform under the contract, or for fulfilment of an order placed on your behalf by a third-party, and to provide you with our products and services. If you refuse to provide such Personal Data or withdraw your consent to our processing of Personal Data, then in some cases we may not be able to enter into the contract or fulfill our obligations to you under it or perform other obligations we have to you or to a third-party on your behalf.
  1. To help us to improve our Website and App, in terms of the automatically collected information, and to deliver a better and more personalized service to you.
  1. As cookies for different purposes, including to allow you to be recognized as the same user across the different pages of a website, between websites, or when you use an application. Specifically, our Website and App use cookies as follows:
   a. Technical Cookies: We try to give our visitors an advanced, user-friendly Website and App that adapt automatically to their needs and wishes. To achieve this, we use technical cookies to show you our Website and App, to make it function correctly, to create your user account, to sign you in, and to manage your interactions with the Website and App. These technical cookies are necessary for our Website and App to function properly. 
   b. Functional Cookies: We also use functional cookies to remember your preferences and help you use our Website and App efficiently and effectively. For example, these cookies remember your preferred currency (if any), language and your searches. We may also use cookies to remember information you have provided previously. These functional cookies are not strictly necessary for our Website and App to work, but they make it easier to use and enhance your experience.

   c. Analytics Cookies: We use these cookies to gain insight into how our visitors use the Website and App. This means we can find out what works and what does not, optimize and improve our Website or App, understand the effectiveness of our messaging and communications, and ensure we continue to be interesting and relevant. The data we gather can include which web pages you’ve viewed, which referring/exit pages you’ve entered and left from, which platform type you’ve used, which emails you’ve opened and acted upon, and date and time stamp info.

   d. Commercial Cookies: We may use third-party cookies as well as our own to display personalized advertisements on our websites and on other websites. This is called “retargeting,” and it is based on browsing activities.

5. Per your request, or through your unsolicited or otherwise voluntarily made comments, to be published or displayed (hereinafter, “posted”) on public areas of the Website or App, on third party social media sites (such as LinkedIn or Facebook), or transmitted to other users of the Website or App or third parties (collectively, “User Contributions”). Your User Contributions are posted on and transmitted to others at your own risk. Although we limit access to certain pages, please be aware that no security measures are perfect or impenetrable and we have no control over the security of third-party social media sites. Additionally, we cannot control the actions of other users of the Website and App with whom you may choose to share your User Contributions. Therefore, we cannot and do not guarantee that your User Contributions will not be viewed by unauthorized persons.

  6. When we are required or permitted to do so by law; to comply with government inspections, audits, and other valid requests from government or other public authorities; to respond to legal process such as subpoenas; or as necessary for us to protect our interests or otherwise pursue our legal rights and remedies (for instance, when necessary to prevent or detect fraud, attacks against our network, or other criminal and tortious activities), defend litigation, and manage complaints or claims.

Some of the Personal Data we process may be considered sensitive, including personal data concerning your health, such as Personal Data from your test-kit, testing process and test results in conjunction with the Service. We will only process such Personal Data when necessary as described above or to protect any other legitimate interests.

Our processing of data received from our customers or vendors, including, but not limited to, health care service providers, local health agencies, etc. (“Customer Data”) is governed by the agreements we enter into with them, which may include Business Associate Agreements as applicable and required under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). Our customers may have their own privacy practices and/or policies that govern their collection and use of your data. We are not responsible for how our customers treat the information we received from them or collect on their behalf, and we recommend you review their privacy practices and/or policies to understand how they treat your information. For further information on your rights and choices regarding Customer Data, see the “Your Rights and Choices” section below.

The Website may not respond to web browsers’ Do Not Track signals. Thus, your selection of the “do not track” option provided by your browser may not have any effect on our collection of cookie information for analytic and internal purposes. For more information on “Do Not Track,” visit http://www.allaboutdnt.com.

We will not retain your Personal Data, whether obtained through tracking technologies or provided by you, longer than necessary to fulfill the purposes for which it was collected or as required by applicable laws or regulations. Wherever your information is held by QDXH or on its behalf, we take reasonable and appropriate administrative, physical, and technical security safeguards to protect the information that you share with us from loss, theft, misuse and unauthorized access, alteration, destruction, and disclosure. In addition, QDXH and its service providers enter into agreements that require that care and precautions be taken to prevent loss, misuse, or disclosure of your information. The safety and security of your information also depends on you. Where you have chosen a password for the use of our App, for example, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.

Nevertheless, transmission via the internet is not completely secure and we cannot guarantee the security of information about you. Please refer to the Terms of Use and Informed Consent for more information about how we handle and protect your Personal Data.

Notwithstanding the above, we may use information that does not identify you (including information that has been aggregated or de-identified) for any purpose except as prohibited by applicable law. For information on your rights and choices regarding how we use information about you, please see the “Your Rights and Choices” section below.

VII. SHARING AND DISCLOSING YOUR INFORMATION

To authenticate the steps and processes involved in generating and displaying your Health Status and HealthID, we may disclose or share your Personal Data with third parties, including QDXH customers, which may include your employer or prospective employer, public health agencies, health care providers, vendors or service providers who require that information to administer care, provide benefits or services, or monitor testing and disease. You agree that QDXH may share, or otherwise disclose your Personal Data, with such third parties in conjunction with the delivery of our products and services, including the QDX™ HealthID as set forth herein.  

PLEASE NOTE:  The third parties with which we share your Personal Data as set forth herein may retain or use your Personal Data whether or not the products or services rendered are for your benefit. The Personal Data that comprises the Health Status and that generates the HealthID are stored in a de-identified manner in a separate secure, cloud-hosted database that includes the safeguards legally required for both the transmission of and the storage of personal and medical information. This hosted database, with de-identified data about your Health Status, may be accessible to researchers, policymakers, and health care authorities for data required to address public health matters. This separate secure, cloud-hosted database is legally required to have and does have the safeguards for maintaining personal medical information. This hosted database also may be accessible to third parties with whom QDXH has a contract to provide products and services, such as your employer or other entity that requires visibility into the Health Status of persons entering a workspace or other space. You should contact these third parties directly concerning their privacy and information sharing practices.

In addition, we engage certain service providers and third parties to process information on our behalf for business purposes. Service providers are used, for example, to host and maintain information on a secure, cloud-hosted database to provide the safeguards legally required for maintaining personal medical information (such as HIPAA security requirements). In addition, we may share Website and App usage and information with these service providers to help manage our content, administer ads, provide insights to us related to marketing needs, for market research purposes, and to analyze our marketing efforts.

We may work with agencies, advertisers, ad networks, and other technology services to place ads about our products and services on other websites and services.

We may share information with vendors, consultants, agents, and partners for business and commercial purposes to help us provide or improve our services or our Website and App. Our vendors include, but are not limited to, analytics and technology companies. Vendors may act as our service providers, or in certain contexts, independently decide how to process your information.

We may also disclose or share your Personal Data at our sole discretion:

  1. In response to a subpoena or similar investigative demand, a court order, a request for cooperation from a law enforcement agency, self-regulatory body, or other governmental agency; to establish or exercise our legal rights; to defend against legal claims; to respond to any complaint; or as we reasonably believe is required by law. In such cases, we may raise or waive any legal objection or right available to us.
  1. When we believe disclosure is appropriate in order to investigate, prevent, or take action regarding actual or suspected illegal activity or other wrongdoing; to protect and defend the rights, property, or safety of QDXH and any of its affiliates, our users, our employees, or others; or to enforce our Website’s and App’s Terms of Use or other agreements or policies.
  1. In connection with a substantial corporate transaction involving QDXH or any of its affiliates, such as a sale of QDXH, its parent, or any related entity, brand or division thereof, a divestiture, merger, consolidation, asset sale, or bankruptcy.
  1. In connection with state and/or federal licensing or other legal requirements. You authorize QDXH to obtain any and all required information from the third party with whom you may have shared your Personal Data for our goods or services in order for QDXH to comply with current laws and regulations as well as with any requests from state or federal regulators.

Notwithstanding the foregoing, we may share information that does not identify you (including information that has been aggregated or de-identified) except as prohibited by applicable law. For information on your rights and choices regarding how we share information about you, please see the “Your Rights and Choices” section below.

VIII. YOUR RIGHTS AND CHOICES

  1. General rights
   a. If you wish to stop receiving marketing communications from us, please click on the “unsubscribe” link at the bottom of the relevant communication. If you wish to opt-out completely, please contact us at the “Contact Information” provided below.
   b. If you would like us to delete your information from our records, please contact us using the “Contact Information” provided below and we will respond within a reasonable time. Please note that we may be required to retain certain information by law and/or for our own legitimate business purpose. 
  1. Users from the European Union and United Kingdom

If you are from the European Union (“EU”) or the United Kingdom (“UK”), you have rights, with some exceptions and restrictions, to:

   a. object to our processing of your Personal Data. You can object at any time and we will stop processing the information to which you have objected, unless we can show compelling legitimate grounds to continue the processing;

   b. access your Personal Data. If you make this kind of request and we have your Personal Data in our possession, we are required to provide you with information on it, including a description and copy of the Personal Data and why we are processing it; 

   c. request erasure of your Personal Data in certain circumstances; 

   d. request correction or updating of any inaccurate Personal Data that we hold about you; 

   e. request the restriction of our processing of your Personal Data in some situations. If you make the request, we can continue to store your Personal Data but are restricted from processing it while the restriction is in place;

   f. withdraw your consent to our use of your Personal Data at any time. When you use our Website or App, you may have been asked to consent to the use of cookies. You may withdraw your consent to our processing of your Personal Data that has been derived from cookies. If you do withdraw consent, that will not affect the lawfulness of what we have done with your Personal Data before you withdrew consent; 

   g. object to our use of your Personal Data for direct marketing;

   h. request portability of your Personal Data that we hold, in certain circumstances; and

   i. complain to your local data protection authority about our collection or use of your Personal Data. For example, in the UK, the local data protection authority is the UK Information Commissioner’s Office.

If you exercise the rights above and there is any question about who you are, we may require you to provide information from which we can satisfy ourselves as to your identity.

If you are from the EU and would like to exercise any of these rights in relation to any information about you in our possession via the Website or App, please contact us using the “Contact Information” provided below. We will consider and respond to your request in accordance with the relevant law.

IX.  MINORS

The Website and App are not intended for minors under the age of 18. QDXH does not wish to obtain any information from or about such minors through the Website or App without the consent of a parent or guardian. If you are under 18 years old, do not use the Website or App.

We do not knowingly gather personal information (as defined by the U.S. Children’s Privacy Protection Act, or “COPPA”) in a manner not permitted by COPPA. Although the App currently does not allow for access for anyone under the age of 18, if you are a parent or guardian and you believe we have collected information from your child in a manner not permitted by law, contact us using the Contact Information provided below. We will remove the data to the extent required by applicable laws.

We do not knowingly “sell,” as that term is defined under the California Consumer Privacy Act (“CCPA”), the personal information of minors under 16 years old who are California residents. If you are a California resident under 18 years old, you can ask us to remove any content or information you have posted on the Website or App. To make a request, email us at the email address set out in the “Contact Information” section with “California Under 18 Content Removal Request” in the subject line, and tell us what you want removed. We will make reasonable good faith efforts to remove the post from prospective public view, although we cannot ensure the complete or comprehensive removal of the content and may retain the content as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

X.  INTERNATIONAL TRANSFER

QDXH is based in the United States of America (“U.S.”). If you are accessing the Website or App from outside of the U.S., please be aware that information collected through the Website and the App may be transferred to, processed, stored, and used in the U.S. and other jurisdictions.

Transfers of personal data outside the EEA

If you are accessing the Website or App from the European Economic Area (“EEA”), in connection with our business or services, we may transfer your Personal Data outside the EEA to members of our group and processors in the U.S. and on occasion other jurisdictions. Some of our systems and the systems of our third-party providers may be hosted in the U.S. We will ensure that any transfer we make is lawful and that there are appropriate security arrangements to protect your Personal Data.

Moreover, where we need to transfer your information outside of the EEA, we will only do so to countries that have been determined by the European Commission to have an adequate level of data protection or by using a variety of legal mechanisms, including the U.S. Privacy Shield and Standard Contractual Clauses, to help ensure your rights and protections.

If you would like more information on any of the data transfer mechanisms on which we rely please contact us by using the contact details provided below in the “Contact Information” section.

XI.  PRIVACY NOTICE FOR CALIFORNIA RESIDENTS

  1. Effective Date: July 1, 2020
  1. This Privacy Notice for California Residents (“Notice”) supplements the information contained in this Policy and included above, and applies solely to visitors, users, and others who reside in the State of California ("consumers" or "you"). We adopt this Notice to comply with the California Consumer Privacy Act of 2018 (“CCPA”) and any terms defined in the CCPA have the same meaning when used in this Notice.
  1. Information We Collect
   a. The QDX™ HealthID is a mobile device application (“App”) that is powered by a blockchain-enabled, patent-pending “QDX™ Platform” owned by QMC and licensed to QDXH, a subsidiary of QMC. The QDX™ HealthID was launched in 2020. We collect information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household, or device ("Personal Information"). Personal Information does not include:
   i. Publicly available information from government records.
   ii. De-identified or aggregated consumer information.
   iii. Information excluded from the CCPA's scope, such as health or medical information covered by HIPAA and the California Confidentiality of Medical Information Act (“CMIA”) or clinical trial data.
   b. Given our history, the Website and App have no preceding twelve (12) month historical data on information collected from California residents. Nevertheless, the Website and App may collect the following categories of personal information from consumers:

 

Category

Examples

Collect

A. Identifiers.

A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver's license number, passport number, or other similar identifiers.

YES

B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).

A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, education, employment, employment history, medical information, or health insurance information. Some personal information included in this category may overlap with other categories.

YES

C. Protected classification characteristics under California or federal law.

Age (40 years or older), race, color, ancestry, national origin, citizenship, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).

YES

D. Commercial information.

Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.

YES

E. Biometric information.

Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.

Yes

F. Internet or other similar network activity.

Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement.

YES

G. Geolocation data.

Physical location or movements.

YES

H. Sensory data.

Audio, electronic, visual, thermal, olfactory, or similar information.

YES

I. Professional or employment-related information.

Current or past job history or performance evaluations.

NO

J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).

Education records related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.

NO

K. Inferences drawn from other personal information.

Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

NO

 

   c. We obtain the categories of personal information listed above from the following categories of sources:
   i. Directly from you. For example, from forms you complete or products and services you purchase.
   ii. Indirectly from you. For example, from third parties and from observing your actions on our Website.

For more on the information we collect, including the sources we receive information from, review the What Information Do We Collect? section above.

   d. Although QDXH does not sell your information, your employer or other persons who are QDXH customers may have purchased a contract for products or services relating to and including the QDX HealthID for access to data related to providing you services or as part of back-to-work or similar programs. Please review the How Do We Use Your Information section above.

   e. We use and partner with different types of entities to assist with our daily operations and manage our Website and App. Please review the “SHARING AND DISCLOSING YOUR INFORMATION” section for more details about the parties with whom we share information.

   f. Our Website and App are intended to provide information to our business customers who have entered into contracts with QDXH for products or services pertaining to the authentication and verification of persons, processes, and spaces involved in testing for a particular infectious disease or infectious disease-causing agent (such as the coronavirus or COVID-19), including the test-kit manufacturers, health care providers, and you. If you are a QDXH customer or a test subject, you understand and agree that information collected about you is solely within the context of (i) your role as an employee, employer, job applicant, health care provider, test subject, vendor, or contractor or (ii) QDXH’s conducting authentication and verification exercises regarding, or providing or receiving a product or service to or from you, your employer, employer, health care provider, vendor, health care organization or public health agency.

   g. If you are a California resident and we, as a service provider, have processed personal information about you on behalf of a customer that you believe falls under the CCPA and you wish to exercise your CCPA rights, please inquire with our customer directly. If you wish to make your request directly to us, please provide the name of our customer on whose behalf we processed your personal information. We will refer your request to that customer and will support them to the extent required by the California privacy law in responding to your request.

  1. Use of Personal Information

   a. We collect and use personal information for business and commercial purposes in accordance with practices described in this Policy, including one or more of the following business purposes:

   i. To fulfill or meet the reason you provided the information. For example, if you share your name and contact information to create an account or ask a question about our products or services, we will use that personal information to authenticate your test results or to verify who you are and respond to your inquiry. We may also save your information to manage the account.

   ii. To provide, support, personalize, and develop our Website and App, products, and services.

   iii. To create, maintain, customize, and secure your account with us.
   iv. To process your requests, purchases, transactions, and payments and to prevent transactional fraud.
   v. To provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses.
   vi. To help maintain the safety, security, and integrity of our Website and App, products and services, databases and other technology assets, and business.
   vii. To help prevent and address fraud, breach of policies or terms, and threats or harm.
   viii. Sending you technical notices, updates, security alerts, information regarding changes to our policies, and support and administrative messages.
   ix. For testing, research, analysis, and product development, including to develop and improve our Website and App, products, and services.
   x. To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
   xi. As described to you when collecting your personal information or as otherwise set forth in the CCPA.
   xii. To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us is among the assets transferred.
   xiii. To fulfil any other business or commercial purposes at your direction or with your notice and/or consent.
  1. Your Rights and Choices
    a. The CCPA provides consumers (California residents) with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.

           i. Right to Know

You have the right to request that we disclose certain information to you about our collection and use of your personal information in the preceding 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you, based upon your request:

  • The categories of personal information we collected about you.
  • The categories of sources for the personal information we collected about you.
  • Our business or commercial purpose for collecting that personal information.
  • The categories of third parties with whom we share that personal information.
  • The specific pieces of personal information we collected about you (also called a data portability request).
  • If we sold or disclosed your personal information for a business purpose, two separate lists disclosing:
    • sales, identifying the personal information categories that each category of recipient purchased; and
    • disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.

           ii. Right to Delete

You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies. We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:

  • Complete the transaction for which we collected the personal information, provide goods or services that you requested or that was requested on your behalf, take actions reasonably anticipated within the context of our ongoing business relationship with you, fulfill the terms of a written warranty, or otherwise perform our contract with you.
  • Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
  • Debug products to identify and repair errors that impair existing intended functionality.
  • Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
  • Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et seq.).
  • Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
  • Comply with a legal obligation.
  • Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

           iii. Exercising Your Right to Know and Right to Delete 

To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by either:

Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child. The verifiable consumer request must provide enough information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative, which may include:

  • First and last name, email address, date of birth and username (as applicable).
  • Description of your request with enough details that allow us to properly understand, evaluate, and respond.

We cannot substantively respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you, except where the CCPA does not require a verifiable request for a response. We will only use personal information provided in a verifiable consumer request to verify the requestor's identity or authority to make the request.

 

You may only make a consumer request for access or data portability twice within a 12-month period.

 

          iv. Response Timing and Format

We endeavor to respond to a consumer request within forty-five (45) days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing.

 

Any disclosures we provide will only cover the 12-month period preceding the consumer request's receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable.

          v. Right to Opt-Out and Opt-In

Although QDXH does not sell your personal information from your use of the App to third parties, if your employer, service provider, or a medical professional or facility administering a test has purchased the right to use or access any part of the QDX™ HealthID, that entity may have access to, and manage, the data regarding the Health Status of its own customers, employees, or workforce. Nevertheless, to the extent we sell your personal information as the term “sell” is defined under the CCPA, you have the right to direct us to not sell your personal information at any time (the "right to opt-out"). Consumers who opt-in to personal information sales may opt-out of future sales at any time.

          vi. Non-Discrimination

We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:

  • Deny you goods or services.
  • Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
  • Provide you a different level or quality of goods or services.
  • Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

          vii. Other California Privacy Rights

California's "Shine the Light" law (Civil Code Section § 1798.83) permits users of our Website and App that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes in particular: Customers who are residents of California may request:

  • a list of the categories of personal information disclosed by us to third parties during the immediately preceding calendar year for those third parties’ own direct marketing purposes; and
  • a list of the categories of third parties to whom we disclosed such information.

To make such a request, please send an email specifying that your request relates to the California “Shine the Light” law to privacy@qdxhealthid.com or write to us at:

Chief Legal Officer, QDX HealthID Incorporated, 3055 Hunter Road, San Marcos, TX 78666. We may require additional information from you to allow us to verify your identity, and we are only required to respond to requests once during any calendar year.

XII. UPDATES TO THIS POLICY

We reserve the right to make updates and revisions to this Policy at our discretion and at any time. When we make changes to this Policy, we will post the updated notice on the Website and update the effective date. Any changes will be effective as of the “Updated” date. Your continued use of the Website and App following the posting of changes constitutes your acceptance of such changes.

XII. CONTACT INFORMATION

If you have any questions or comments about this Policy, the ways in which QDXH collects and uses your information described here, your choices and rights regarding such use, or you wish to exercise your rights under California law, please contact us by:

Or

writing to us at:

QDX HealthID Incorporated

Attn: Chief Legal Officer

3055 Hunter Road

San Marcos, TX 78666