Effective Date: October 1, 2022
Information We Collect
The types of information that we may collect and receive from you while you use the Services are described in this section and include both information that you provide to us, information that we collect automatically when you use the Services, and information that we collect from third party sources.
Personal Information: Personal information is information from which an individual may be identified directly or indirectly. Personal information may include information such as your name, postal address, telephone number, email address, date of birth, device and browsing information, such as your IP address, and health, financial and professional information.
We may collect personal information that you provide to us through our Services. For example, you may provide your personal information to us: through your completing forms or setting up accounts on one of our websites or web portals; through an enrollment form to register for one of our programs or services; through your requests to receive marketing materials and information about our products or services; by contacting a Caidya customer service department; or by responding to Caidya questionnaires or surveys.
Cookies and other similar technologies: When you use our Services, we may also collect information relating to your usage or visits to our websites and your devices. This information is generally collected using server log files, cookies, “pixel tags,” and tools, such as, Google Analytics.
Server Log Files: Your Internet Protocol (IP) address is an identifying number that is automatically assigned to your computer by your Internet Service Provider (ISP). This number is identified and logged automatically in our server log files whenever you visit our websites, along with the time(s) of your visit(s) and the page(s) that you visited. We use the IP addresses of all visitors to our websites to calculate our websites’ usage levels, to help diagnose problems with website servers, and to administer the websites. We may also use IP addresses to communicate with or block access by visitors who fail to comply with our terms and conditions for use of our Services. Collecting IP addresses is standard practice on the Internet and is carried out automatically by many websites. However, Caidya does not combine traffic data with user accounts.
Pixel Tags: Our websites may use so-called “pixel tags”, “web beacons”, “clear GIFs” or similar means (collectively, “pixel tags”) to compile aggregate statistics about website usage and response rates. Pixel tags allow us to count users who have visited certain pages on our websites, to deliver branded services, and to help determine the effectiveness of promotional or advertising campaigns. When used in HTML-formatted email messages, Pixel Tags can tell the sender whether and when the email has been opened.
Our Uses of Personal Information
The personal information that is collected in connection with our Services may be used in any of the following ways:
The information that we collect from your devices is used to better design our websites. We analyze the information we collect to enhance our websites’ security and to track the popularity of certain pages on the websites, the success of our email notifications, traffic levels on the websites, and other usage data, all of which helps us to provide content tailored to your interests and improve our websites and related Services.
We do not make any decisions about you based solely on automated processing of your information, including profiling, unless we inform you, as required by applicable laws.
How We Share Personal Information
We may share your personal information with third parties with whom we have contracted, as well as affiliates and business partners. We will require these recipients to use your personal information only for appropriate purposes and take appropriate measures to protect your personal information.
We may disclose information if we believe it is necessary: (a) to comply with any law applicable to us, a request from law enforcement, a regulatory agency, or other legal process; (ii) to protect the legitimate rights, privacy, property, interests, or safety of Caidya, our patients, business partners, personnel, or the general public; (iii) to pursue available remedies or limit damages; (iv) to enforce our terms and conditions on our products or services; or (v) to respond to an emergency. We reserve the right to disclose personal information when we believe in good faith that such action is necessary to comply with a legal obligation.
Third Party Advertising
Links To Other Websites
Our websites may contain links to third party websites, which are not operated or controlled by Caidya and for which Caidya is not responsible. The links from the websites do not imply that Caidya endorses or has reviewed the third party websites. Once you leave one of our websites, we are not responsible for the protection and privacy of any information you provide. We suggest contacting those third parties directly for information regarding their privacy practices.
Global Access and Data Transfers
The laws in certain countries may not provide the same level of protection as the laws in your country or region. When that is the case, and as required by applicable laws, we take steps to protect your information, such as by entering into contracts with recipients of your information or by implementing additional data protection safeguards.
By using our websites or Services or you are otherwise providing information to us, you hereby expressly consent to the transfer of your personal information outside your country or region.
Children’s Privacy Protection
Protecting the privacy of children is especially important to us. We take seriously our obligations under applicable laws concerning the collection of personal information from children. Our Services are not directed to children and we do not knowingly allow children to communicate with us or use any of our websites or Services. We request that children do not provide any personal information through our websites or in connection with the Services. If you are a parent and become aware that your child has provided us with personal information, please contact us at DPO@Caidya.com.
EU-US and Swiss Privacy Shield Framework
Caidya participates in the EU-US and Swiss Privacy Shield framework. Click here to learn more.
Your Choices and Rights
If you would like your personal information removed from our systems, changed or updated, you can click here and submit the form to DPO@Caidya.com. If requested, we will promptly verify and delete your account and you will no longer receive emails or other communications from Caidya. Your removal from the mailing list or our systems will not remove records of past transactions or delete information stored in our data backups and archives where we are required to keep your data for legitimate business or legal requirements. Data on past transactions and data stored in backups and archives will be deleted in the normal course of our business.
Under certain laws, such as the European Union’s General Data Protection Regulation (GDPR), the California Consumer Privacy Act of 2018 (CCPA), the California Privacy Rights Act of 2020 (CPRA) or China’s Personal Information Protection Law and Cybersecurity Law (including their implementing regulations and national standards), you may have the following rights with respect to your personal information:
We will respond to your requests within the time period prescribed by applicable laws. Under certain circumstances, Caidya may ask you for specific information to confirm your identity and ensure the exercise of your rights. This is a security measure to safeguard personal information. We will notify you when your request is completed, if we deny your request to exercise your rights (because, for example, an exception applies), or if there is a fee associated with processing your request.
You may designate an authorized agent to exercise your rights on your behalf. In such case, we will also need to verify your agent’s identity and obtain proof of your authorization. We may need to deny a request from an agent whose identity or authorization we cannot verify.
If you believe that Caidya has processed information in a manner that is unlawful or breaches your rights, or has infringed applicable laws, you may have the right to complain directly to your local data protection authority. Without limiting any rights to complain directly to an authority, we are committed to protecting personal information, and complaints may be made directly to us.
We will not discriminate against you for exercising any data subject right you have under applicable law.
Caidya stores personal information and other data using reasonable physical, technical and administrative safeguards to secure information and data against foreseeable risks, such as unauthorized use, access, disclosure, destruction or modification. Please note, however, that while Caidya has endeavored to create secure and reliable websites for our users, the confidentiality of any communication or material transmitted to or from one of our websites or via e-mail cannot be guaranteed. You should take special care in deciding what information you transmit, upload, send, or otherwise submit to Caidya.
In case of a personal information security incident, as required by applicable laws, we will inform you in a timely manner and report the incident to the relevant regulatory authorities.
We endeavor to respond to your request as soon as reasonably possible in compliance with all applicable laws.
Additional Information for Individuals in the European Union/European Economic Area, United Kingdom, or Switzerland
We are required to comply with the European Union’s and the United Kingdom’s General Data Protection Regulations (“GDPR”/”UKGDPR”), Switzerland’s Federal Act on Data Protection (FADP) and similar applicable local laws with regards to certain personal information we collect. The data controllers of your personal information are the Caidya entities referenced when we collect your personal information. Please contact us if you have any questions about the controller or controllers of your personal information.
Sensitive Personal Data. We may process special categories of information (e.g., sensitive personal data that reveals racial or ethnic origin or genetic, biometric and health information, etc.) only where you give us your explicit consent, or when our processing is for scientific research purposes, necessary to meet a legal or regulatory obligation, in connection with the establishment, exercise or defense of legal claims, or is otherwise expressly permitted by law. If we need to collect your personal information by law or under the terms of a contract we have with you and you do not provide the requested information, we may not be able to perform the contract we have, or are trying to enter into, with you.
The servers where your personal data are stored may be located in the United States and other countries that have not been deemed by the European Commission to provide an adequate level of protection for personal data. In addition, we may share personal data with our affiliates and external service providers and third parties located outside of the EEA. When we transfer personal data out of the EEA to other countries that have not been deemed adequate, we will implement one or more of the safeguards deemed to provide appropriate safeguards by the European Commission, which may include EU Standard Contractual Clauses, transfers to organizations that protect personal data under binding corporate rules, or transfers to organizations that operate under an approved code of conduct or certification mechanism.