Last Updated: September 5, 2024

BYHEART, INC. (“ByHeart,” “we,” “our,” or “us”) values your privacy. This section of the Privacy Notice (“Notice”) provides additional privacy information for California residents and describes our information practices pursuant to applicable California privacy laws, including the California Consumer Privacy Act (the “CCPA”). If you are not a California resident, please refer to our main Privacy Notice, available at https://byheart.com/pages/privacy-notice. Capitalized terms not defined in this section will have the same meaning as set forth in our main Privacy Notice. Please note that this section does not address or apply to our handling of publicly available information or personal information that is otherwise exempt under the CCPA. Depending on how you interact or engage with us, we may provide you with other privacy notices with additional details about our privacy practices. 

Categories of Personal Information Collected and Disclosed. The following table identifies the categories of personal information we may collect about you (and may have collected in the prior 12 months), as defined by the CCPA, as well as the categories of third parties to whom we may disclose this information. Depending on how you use the Services, we may collect and disclose the following categories of personal information:

Categories of Personal Information	Categories of Third-Party Disclosures
Identifiers. Includes direct identifiers such as name, alias, email, phone number, address, date of birth, username, unique personal identifier, online identifier, IP address, or other similar identifiers.	Affiliates and subsidiaries Advisors and agents Internet service providers Operating systems and platforms Data analytics providers Advertising networks Social networks Others as required by law
Customer Records. Incudes information such as name, account name, contact information, and billing and shipping address).	Affiliates and subsidiaries Advisors and agents Data analytics providers Regulators, government entities, and law enforcement Others as required by law
Commercial Information. Includes records of Services purchased, obtained, or considered, or other purchasing or use histories or tendencies.	Affiliates and subsidiaries Advisors and agents Data analytics providers Regulators, government entities, and law enforcement Others as required by law
Internet or Other Electronic Network Activity Information. Includes, but is not limited to, browsing history, clickstream data, search history, and information regarding interactions with our Site, advertisements, or emails, including other usage data related to your use of any of our Services or other similar online services.	Affiliates and subsidiaries Advisors and agents Internet service providers Operating systems and platforms Data analytics providers Advertising networks Social networks Others as required by law
Location Data. Such as general location information about a particular individual or device.	Affiliates and subsidiaries Data analytics providers Advertising networks Social networks Regulators, government entities, and law enforcement Others as required by law
Audio, Electronic, Visual, or Similar Information. Includes, but is not limited to, information collected via call recordings if you are interacting with us in a customer service capacity or if you call us on a recorded line, recorded meetings and webinars, videos, and photographs.	Affiliates and subsidiaries Advisors and agents Regulators, government entities, and law enforcement Others as required by law
Professional Information. Includes, but is not limited to, job title, company name, business email, business phone number, practitioner identification number, and other similar professional-related information.	Affiliates and subsidiaries Advisors and agents Regulators, government entities and law enforcement Others as required by law
Inferences. Such as inferences drawn from any of the information described in this section about a consumer including inferences reflecting the consumer’s preferences, characteristics, behaviors, attitudes, abilities, and aptitudes.	Affiliates and subsidiaries Data analytics providers Regulators, government entities, and law enforcement Others as required by law
Protected Classifications. We may collect information such as age and other characteristics of protected classifications under California or federal law.	Affiliates and subsidiaries Regulators, government entities, and law enforcement Others as required by law
Sensitive Personal Information. In some circumstances, we may collect precise geolocation If you choose to enable location-based sharing with us through your device settings and race and/or ethnic origin if you choose to participate in our market research.	Affiliates and subsidiaries Regulators, government entities, and law enforcement Others as required by law

 

Source of Personal Information. We generally collect personal information from the following categories of sources: directly or indirectly from you; affiliates and subsidiaries; business partners; vendors, service providers, and subcontractors; Internet service providers; operating systems and platforms; social networks; data analytics providers and advertising networks.

Purposes of Collection, Use, and Disclosure. As described in the “How Does ByHeart Use Personal Information” section of our Privacy Notice, in general, we collect and otherwise process personal information for the following business or commercial purposes, or as otherwise directed or consented to by you:

• Services and support;
• To communicate with you;
• Marketing and promotions;
• Research and surveys;
• Planning and managing events;
• Security and protection of rights;
• Compliance and legal process;
• Auditing, reporting, and other internal operations;
• General business and operational support;
• Quality control and training; and
• Analytics and improvement.

Retention of Personal Information. We retain the personal information we collect only as reasonably necessary for the purposes described above or otherwise disclosed to you at the time of collection and as otherwise necessary to comply with our legal obligations, resolve disputes, maintain appropriate business records, and enforce our agreements. Rather than delete your data, we may deidentify the data so that the data that is no longer reasonably linked or linkable to an identified or identifiable natural person, household, or personal or household device. Where we use and/or disclose deidentified data, we will maintain and use the information in deidentified form and not attempt to reidentify the information, except in order to determine whether our deidentification processes are reasonable and adequate pursuant to applicable privacy laws.

Sales and Sharing of Personal Information. The CCPA defines “sale” as disclosing or making available personal information to a third-party in exchange for monetary or other valuable consideration, and “sharing” includes disclosing or making available personal information to a third-party for purposes of cross-context behavioral advertising. : . We may disclose these categories to third-party advertising networks, analytics providers, and social networks for purposes of marketing and advertising and to improve and measure our ad campaigns. We do not sell or share sensitive personal information, nor do we sell or share personal information about individuals we know are under age sixteen (16).

California Privacy Rights. The CCPA provides California residents with specific rights regarding personal information. Subject to certain conditions and exceptions, California residents have the following rights with respect to their personal information:

• Right to Know. You have the right to request: (i) the categories or personal information we collected about you; (ii) the categories of sources from which the personal information is collected; (iii) our business or commercial purposes for collecting, selling, or sharing personal information; (iv) the categories of third parties to whom we have disclosed personal information; and (v) a copy of the specific pieces of personal information we have collected about you.
• Right to Delete. You have the right to request we delete personal information we have collected from you.
• Right to Correct. You have the right to request that we correct inaccuracies in your personal information.
• Right to Opt-Out of Sales and Sharing. You have the right to opt-out of “sales” and “sharing” of your personal information, as those terms are defined under the CCPA.
• Right to Limit Use. You have the right to limit the use and disclosure of your sensitive personal information to the purposes permitted under the CCPA.
• Right to Non-Discrimination. You have the right not to be subjected to discriminatory treatment for exercising any of the rights described in this section.

Exercising Your Privacy Rights. California residents may exercise their CCPA privacy rights as set forth below:

• Right to Know, Delete, Correct, and Limit. California residents may submit CCPA requests to access/know, delete, and correct their personal information, and to limit the use and disclosure of their sensitive personal information, by using our webform or calling 1-833- 429-4327.

When you submit a request, we will take steps to verify your identity and request by matching the information provided by you with the information we have in our records. In some cases, we may request additional information in order to verify your identity, or where necessary to process your request. If we are unable to verify your identity after a good faith attempt, we may deny the request and, if so, will explain the basis for the denial.

You may also designate someone as an authorized agent to submit requests and act on your behalf. Authorized agents will be required to provide proof of their authorization in their first communication with us, and we may also require that the relevant consumer directly verify their identity and the authority of the authorized agent. 

• California residents may exercise their right to opt out of the sale and/or sharing of their online personal information by opting out of all but essential cookies via our cookie preference manager here. To opt out of the sale and/or sharing of their offline personal information, please use our Right to Opt-Out Form. You may also click the “Your Privacy Choices” link at the bottom of our Site to be taken to our Trust Center where you can learn about and exercise your privacy rights.

In addition, if we detect that your browser or device is transmitting an , such as the “global privacy control” or “GPC” signal, we will opt that browser or device out of cookies that result in a “sale” or “sharing” of your personal information. If you come to our Site or use our Services from a different device or from a different browser on the same device, you will need to opt-out, or use an opt-out preference signal, for that browser and/or device as well. More information about GPC is available at: https://globalprivacycontrol.org/.

Notice of Financial Incentive. We may make available programs, offerings, or similar promotional offerings (each a “Program”) which may include offers, rewards, discounts, perks, and promotions (“Rewards and Offers”). These Programs may be considered “financial incentives” under the CCPA. As described below, we collect, disclose, and retain personal information about individuals as part of these Programs.

Programs. We may make available Rewards and Offers to customers that participate in one of our customer quizzes, surveys, or market research surveys. To participate in such Program, you must register and provide us with certain personal information, which may include identifiers (i.e., name, email, address, phone number, and other similar contact information) and any feedback or responses. Some of these Programs may be administered by third party partners who may collect or receive your personal information to administer the Program and provide related services to us.

As a basis for offering these Rewards and Offers, we have valued the personal information we collect based on a reasonable and good faith calculation determined by considering expenses related to the programs. In doing so, we value the personal information collected through the programs as the equivalent of the costs and expenses incurred to provide the Program, including IT, administration, direct costs, third party costs, and service development costs. 

We disclose the personal information collected for purposes of administering our Programs and consistent with the purposes described in the “Purposes of Collection, Use, and Disclosure” section of this Policy.

You may withdraw from a Program at any time by contacting us at 1-833-429-4327. Please note that if you withdraw from a Program (or submit a CCPA request to delete your Program information), your participation in that Program will be terminated, which means that you will no longer be eligible to earn, use, access or redeem any Program Rewards and Offers, subject to the applicable Program terms.

Under California’s “Shine the Light” law (Cal. Civ. Code § 1798.83), California residents who provide us certain personal information are entitled to request and obtain from us, free of charge, information about the personal information (if any) we have shared with third parties for their own direct marketing use. Such requests may be made once per calendar year for information about any relevant third-party sharing in the prior calendar year. To submit a “Shine the Light” request, email us at hello@byheart.com, and include in your request a current California address and your attestation that you are a California resident.

Contact Us. If you have any questions about this Notice or our privacy practices, please email us at hello@byheart.com, or you can contact us via mail at:

ByHeart, Inc.
131 Varick Street, 11th Floor
New York, NY 10013