Additional State-Specific Privacy Disclosures
Effective June 30, 2023
These additional state-specific privacy disclosures (“State Disclosures”) supplement the information contained in the Privacy Policy as applicable to Blink Health Inc. and its subsidiaries engaged in e-commerce transactions (collectively, referred to in these State Disclosures as “Blink,” “we,” “us,” and “our”) and applies solely to those visitors, users, and other consumers in the states of California, Colorado, Connecticut, Utah, and Virginia whose personal information is subject to the California Consumer Privacy Act of 2018 (“CCPA”), as amended and supplemented by the California Privacy Rights Act of 2020 (“CPRA”), the Colorado Privacy Act of 2021 (“CPA”), the Connecticut Data Privacy Act of 2022 (“CTDPA”), the Utah Consumer Privacy Act of 2022 (“UCPA”), and/or the Virginia Consumer Data Protection Act of 2021 (“VCDPA”) (such individuals, “consumers” or “you” and such laws, collectively, “State Privacy Laws”).
Personal Information We Collect
We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer (“Personal information”). In particular, we have collected the following categories of Personal Information from consumers within the last twelve (12) months:
Categories and Examples of Personal Information
Category of Personal Information | Examples | Collected? |
A. Identifiers | Name, address, personal identifier, IP/email address, account name | YES |
B. Personal information categories | Name, signature, physical characteristics or descriptions, telephone number, address, insurance policy number, or bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information | YES |
C. Characteristics of protected classifications | Age, marital status, medical condition, physical or mental disability, sex | YES |
D. Commercial information |
Records of products, services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies | YES |
E. Biometric information | Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier | YES |
or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data |
||
F. Internet or other similar network activity |
Browsing history, search history, and information regarding a consumer’s interaction with a website, application, or advertisement | YES |
G. Geolocation data | Physical location or movements | YES |
H. Sensory data | Audio, electronic, visual, thermal, olfactory, or similar information, such as a voice recording | YES |
I. Professional or employment-related information |
Current or past job history or performance evaluations | YES |
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)) |
Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records | NO |
K. Inferences drawn from other personal information | A profile about a consumer reflecting the consumer’s preferences and behaviors | YES |
L. Sensitive personal information |
Personal Information that reveals a consumer’s social security number, driver’s license, or other government identification numbers; account log-in, financial information credit card or debit card number in combination with a password or other access code; your geolocation; racial or ethnic information, religious or philosophical beliefs, or union membership; contents of mail, email, or text messages, where Blink is not the intended recipient; genetic data; biometric information that can uniquely identify you; health information; information about your sex life or sexual orientation |
YES |
Personal Information does not include:
• Publicly available information
• Deidentified or aggregated consumer information
• Information excluded from the scope of the applicable State Privacy Laws, including:
o Protected health information (“PHI”) governed by the Health Insurance Portability and Accountability Act of 1996 (“HIPPA”) and/or the Health Information Technology for Economic and Clinical Health Act (“HITECH”); medical information or governed by the California Confidentiality of Medical Information Act (“CMIA”); or clinical trial data conducted in accordance with federal and international guidelines
o Personal Information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (“FCRA”), the Gramm-Leach-Bliley Act (“GBLA”) or California Financial Information Privacy Act (“FIPA”), and the Driver’s Privacy Protection Act of 1995
These State Disclosures will not apply to categories of information exempted from the applicable State Privacy Laws. However, other Blink policies, including but not limited to the HIPAA Notice of Privacy Practices, may apply.
Sources of Personal Information
We obtain the above categories of Personal Information from the following categories of sources:
• Directly from you when you use Blink’s website (the “Website”) or mobile application (the “Mobile App”) (e.g., when you enter your information to create an account or make a purchase) or talk to our sales representatives
• Indirectly from you when you use the Website or Mobile App (e.g., your activity on the Website or Mobile App)
• Directly or indirectly from you when you submit a job application to Blink or through a third party (e.g., LinkedIn)
• Our affiliates
• From third parties that interact with us in connection with Blink’s products and services (e.g., our payment processor, pharmacies dispensing your medication) • Other third-party sources, such as internet service providers, resellers/brokers, website analytics providers, advertising networks (e.g., when you interact with our social media channels)
• Publicly available information (e.g., government databases, National Provider Identifiers)
How Personal Information May be Used
For each of the above categories of Personal Information we collect, we may use it for one or more of the following purposes:
• to fulfill or meet the reason for which the information is provided, including to provide support, respond to inquiries, and investigate concerns;
• to facilitate new services and product orders or process returns; • to monitor and improve our responses;
• to communicate with you concerning our products or services;
• to communicate with third parties that perform tasks on behalf of or related to our business;
• to improve our website and present its contents to you;
• for testing, research, analysis and product development;
• to protect the rights, property or safety of you and others;
• to personalize, advertise, and market our products and services; • to undertake quality and safety assurance measures;
• to conduct risk and security control and monitoring;
• to detect and prevent fraud;
• to perform accounting, audit, and other internal functions;
• to comply with law, legal process, and internal policies;
• to exercise and defend against legal claims; and
• as otherwise described to you when collecting your personal information or as otherwise set forth in the applicable State Privacy Laws
How Personal Information May be Disclosed
We may disclose your Personal Information to a third party, such as a vendor, for business purposes. In the preceding twelve (12) months, we may have disclosed Personal Information for a business purpose in each of the categories above. We may disclose your Personal Information for business purposes to the following categories of third parties:
• Our affiliates
• Service providers
• Third parties to whom you, your agents, or applicable law authorize us to disclose your Personal Information in connection with products or services we provide to you
The State Privacy Laws require that we disclose any ‘sale’ of your Personal Information. The term ‘sale’ is defined broadly under certain State Privacy Laws and may include the releasing or disclosing Personal Information to a third party, such as a vendor, and that party using the Personal Information for their own purposes. In the preceding twelve (12) months, we may have engaged in this type of sale of Personal Information, from categories A, C, D, or F above. We do not engage in the type of ‘sale’ of Personal Information that involves the receipt of monetary payment in exchange for Personal Information. For the avoidance of doubt, Blink does not sell health information subject to HIPAA without your express authorization. For more information about your rights under HIPAA, including your right to revoke an authorization in writing at any time, please refer to the HIPAA Notice of Privacy Practices.
Retention of Personal Information
For each category of Personal Information, Blink retains your Personal Information only for as long as necessary, based on the following:
• The time necessary to fulfill the business or commercial purposes for which your Personal Information was collected
• The time necessary to comply with legal and regulatory retention requirements Sensitive Personal Data
Blink processes Sensitive Personal Data in order to provide you services or offer products to you.
Your acceptance of these State Disclosures, together with the Privacy Policy, constitutes your opt-in consent to our processing of any Sensitive Personal Data about you.
Individual Rights and Request
The State Privacy Laws provide consumers with specific rights regarding their Personal Information. This section describes your rights under the State Privacy Laws and explains how to exercise those rights.
Your Rights Under the State Privacy Laws
• Right to Access/Know. You have the right to request that we disclose certain information to you about our collection and use of your Personal Information. • Right to Delete. You have the right to request that we delete Personal Information collected from you.
• Right to Correct. You have the right to request that we correct any inaccurate personal information that we have collected and maintained from you. • Right to Opt-Out of Sale, Sharing, and Processing. California residents have the right to opt out of the sale and sharing of your personal information with third parties. Colorado, Connecticut, Utah, and Virginia residents have the right to opt out of the sale of your personal information to third parties or the processing of your personal information for targeted advertising. Colorado, Connecticut, and Virginia residents also have the right to opt out of the processing of your personal information for profiling. You can exercise these rights by completing the webform submission at Do Not Sell or Share My Personal Information or by contacting us using one of the methods below in the section titled “Exercising Your Rights.” Please note that we do not sell Personal Information of consumers if we know that they are less than 16 years of age unless we receive an affirmative authorization: (i) from the consumer if the consumer is between 13 and 16 years of age; or (ii) from the consumer’s parent or guardian if the consumer is under 13 years of age. If you are under 18 years of age, you may
only use the Website and the Mobile App with the involvement of a parent or guardian.
• Right to Portability. You have the right, subject to certain exceptions, to obtain a copy of your personal information in a portable and readily usable format. • Right to Limit Use and Disclosure of Sensitive Personal Information. You have the right to request that we limit the use and disclosure of your sensitive personal information to just those uses and disclosures authorized by applicable law.
• Right to Non-Discrimination and Non-Retaliation. You have the right not to be discriminated or retaliated against for exercising any of your rights as a consumer or employee. More information on this right can be found in the section titled “Non-Discrimination and Non-Retaliation” below.
Exercising Your Rights
To exercise one or more of the rights above please submit a request to us by either:
• Calling us at 844-265-6444
• Emailing us at info@blinkhealth.com
For each request, we will ask you:
• To describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
• To provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Information or an authorized representative of that person, we will ask you to provide the following information:
o Your full name, date of birth, and prescription shipping address; and o As to your most recent prescription processed by Blink Health:
▪ The drug name;
▪ The name of the pharmacy from which your drug was picked up or delivered; and
▪ Your Blink member ID (which starts with "B" and is followed by
seven numbers). However, if you do not yet have a Blink account,
you will not be required to create a new account in order to exercise these rights.
We will evaluate and respond to your request within 45 days. If we require more time, we will inform you of the reason and extend the period in writing by up to an additional 45 days. If we are unable to complete your request, we will explain to you in our response the reasons why we cannot comply with your request. Residents of Colorado, Connecticut, and Virginia, if your request has been declined, you have the right to appeal, which you can exercise by replying directly to the email you are appealing, emailing us at info@blinkhealth.com, or calling us at 844-265-6444. You have the right to complain to the Attorney General about the results of your appeal.
A known child’s parent or legal guardian may invoke the above-listed rights on behalf of the child. Please note that if you are under 18 years of age, you may only use the Website and the Mobile App with the involvement of a parent or guardian.
Once we receive and confirm your request, we will, as applicable and unless prohibited or exempted by applicable law:
1. Right to Know: Disclose to you:
o The categories of Personal Information we collected about you
o The categories of sources for the Personal Information we collected about you
o Our business or commercial purpose for collecting or selling that Personal Information
o The categories of third parties with whom we share that Personal Information
o The specific pieces of personal information we collected about you 2. Right to Delete: Delete (and direct our service providers to delete) Personal Information we collected from you
3. Right to Correct: Use commercially reasonable efforts to correct any inaccurate information we have collected and maintained from you
4. Right to Opt-Out of Sale, Sharing, and Processing: Opt you out of the applicable sale and sharing of your personal information with third parties or processing for the applicable purposes
5. Right to Portability: Provide you with a copy of your personal information in a portable and readily usable format
6. Right to Limit Use and Disclosure of Sensitive Personal Information: Refrain from using or disclosing the sensitive personal information for any other purpose unless you subsequently provide consent for the use or disclosure of your sensitive personal information for additional purposes
Non-Discrimination and Non-Retaliation
We will not discriminate or retaliate against you for exercising any of your rights under the State Privacy Laws; this means we will not:
• Deny you goods or services
• Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties
• Provide you a different level or quality of goods or services
• Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services
Blink will not retaliate against any employee, applicant for employment, or independent contractor for exercising their rights under applicable State Privacy Laws.
Blink may offer you certain financial incentives for the collection, sale, sharing, or retention of Personal Information; any financial incentives will be reasonably related to the value provided to Blink by such Personal Information. You will be notified of any financial incentives, including the material terms of the financial incentive program, and you will only be entered into a financial incentive program if you give Blink your prior opt-in consent, which you may revoke at any time.
Authorized Agent
You may designate another person (“Authorized Agent”) to act on your behalf with regard to requests related to State Privacy Laws under these State Disclosures. Requests made by an Authorized Agent will be required to verify your identity as described above.
If you designate an Authorized Agent to act on your behalf with regard to a request described in these State Disclosures, you must provide us with legal authorization documenting the Authorized Agent’s representation. Examples of acceptable forms of legal authorization would be a fully executed Power of Attorney or a notarized affidavit that indicates the authority to represent you as it pertains to your request. This documentation should be provided to Privacy@BlinkHealth.com.
Changes to these State Disclosures
We reserve the right to amend these State Disclosures at our discretion and at any time. When we make changes, we will post the updated State Disclosures on our website and update the effective date. Your continued use of our Website or Mobile App following the posting of changes constitutes your acceptance of such changes.
Contact Information
If you have any questions or comments about this notice, the ways in which Blink collects and uses your Personal Information, your rights regarding such Personal Information, how you can exercise your rights, or any other inquiries related to the State Privacy Laws, please do not hesitate to contact us by:
• Calling us at 844-265-6444
• Emailing us at info@blinkhealth.com
• Mailing us at
Blink Health
Attention: Privacy Officer
1407 Broadway, Suite 1910
New York, NY 10018
Comments