privacy policy

Privacy Policy

This Privacy Policy for Hume Health LLC (trading as Hume) ("Hume", "we", "us" or "our") describes how and why we collect, store, use and/or share ("process") your information when you use our services ("Services"), for example, when you:

• Visit our website https://de.humehealth.com/ or any other website of ours that links to this Privacy Policy.

• Download or use our mobile application (Hume Health) or any of our other applications that link to this Privacy Policy.

• Interact with us in other ways, including through sales, marketing, or events.

Do you have any questions or concerns? This Privacy Policy will help you understand your privacy rights and choices. If you do not agree with our policies and practices, please do not use our services. If you have any further questions or concerns, please contact us at support@myhumehealth.com.

SUMMARY OF KEY POINTS

This summary outlines the key points of our Privacy Policy. However, you can find more details on each of these topics by clicking the link after each key point or using our table of contents below to find the section you're interested in. You can also click here to go directly to our table of contents.

What personal data do we process?

When you visit, use, or navigate our Services, we may process Personal Data based on how you interact with Hume Health and the Services, the choices you make, and the products and features you use. Click here to learn more.

Do we process sensitive personal data?

We may process sensitive personal data where necessary with your consent or where otherwise permitted by applicable law. Click here to learn more.

Do we receive any information from third parties?

We may receive information from public databases, marketing partners, social media platforms, and other external sources. Click here to learn more.

How do we process your information?

We process your data to provide, improve, and manage our services, communicate with you, prevent security and fraud, and comply with legal requirements. With your consent, we may also process your data for other purposes. We only process your data when we have a valid legal reason to do so. Click here to learn more.

In what situations and with which parties do we share personal data?

We may share information in certain situations and with certain categories of third parties. Click here to learn more.

How do we protect your data?

We have implemented organizational and technical processes and procedures to protect your personal information. However, no electronic transmissions over the Internet or information storage technologies can be guaranteed to be 100% secure. Therefore, we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and unlawfully collect, access, steal, or alter your information. Click here to learn more.

What rights do you have?

Depending on your geographical location, applicable data protection laws may mean you have certain rights regarding your personal data. Click here to learn more.

How can you exercise your rights?

The easiest way to exercise your rights is to complete our data protection request form, which you can find here, or by contacting us. We will review and act on each request in accordance with applicable data protection laws.

Would you like to learn more about what Hume Health does with the data we collect?

Click here to read the full announcement.

TABLE OF CONTENTS

1. WHAT INFORMATION DO WE COLLECT?
2. HOW DO WE PROCESS YOUR INFORMATION?
3. What legal basis do we rely on to process your personal data?
4. WHEN AND TO WHOM DO WE DISCLOSE YOUR PERSONAL DATA?
5. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?
6. HOW DO WE HANDLE YOUR SOCIAL LOGINS?
7. WILL YOUR DATA BE TRANSFERRED INTERNATIONALLY?
8. HOW LONG DO WE KEEP YOUR DATA?
9. HOW IS YOUR DATA KEEPED SECURELY?
10. DO WE COLLECT INFORMATION FROM MINORS?
11. WHAT RIGHTS DO YOU HAVE REGARDING DATA PROTECTION?
12. DO-NOT-TRACK CONTROLS
13. Do California residents have special privacy rights?
14. Do Virginia residents have special privacy rights?
15. ARE WE MAKING UPDATES TO THIS NOTICE?
16. HOW CAN YOU CONTACT US REGARDING THIS NOTICE?
17. HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT?

1. WHAT INFORMATION DO WE COLLECT?

Personal information you provide to us

In short :

We collect personal information that you provide to us.

We collect personal information that you voluntarily provide to us when you register for the Services, express interest in learning more about us or our products and services, participate in activities on the Services, or otherwise contact us.

Personal information you provide .

The personal information we collect depends on the context of your interactions with us and the Services, the choices you make, and the products and features you use. The personal information we collect may include:

Names

Telephone numbers

Email addresses

Postal addresses

Username

Passwords

Contact preferences

Contact or authentication data

Billing addresses

Debit/credit card numbers

Size

Weight

Old

Activity level

Body composition data

Sensitive information.

Where necessary, with your consent or as otherwise permitted by applicable law, we process the following categories of sensitive data:

Health data

biometric data

Payment details .

We may collect data necessary to process your payment when you make purchases, such as your payment method number and the security code associated with your payment method. All payment data will be processed by “______” is stored. The link to the privacy policy can be found here: “______” .

Social media login details. We may offer you the opportunity to register with us using your existing social media account details, such as your Facebook, Twitter, or other social media account. If you choose to register in this way, we will collect the data described in the "HOW DO WE PROCESS YOUR SOCIAL LOGINS?" section.

Application data .

When you use our application(s), we may also collect the following information if you grant us access or permission to do so:

Geolocation data .

We may request access or permission to track location-based information from your mobile device, either continuously or while you are using our mobile application(s), to provide certain location-based services. If you would like to change our access or permissions, you can do so in your device settings.

Access to mobile devices .

We may request access or permission for certain features of your mobile device, including Bluetooth, sensors, reminders, camera, and other features of your mobile device. If you would like to change our access or permissions, you can do so in your device's settings.

Data via mobile devices.

We automatically collect device information (such as your mobile device ID, model, and manufacturer), operating system, version, and system configuration information, device and application identification numbers, browser type and version, hardware model, internet service provider and/or mobile operator, and internet protocol (IP) address (or proxy server). When you use our application(s), we may also collect information about the telephone network connected to your mobile device, your mobile device's operating system or platform, the type of mobile device you use, your mobile device's unique device ID, and information about the features you access within our application(s).

Push notifications.

We may request push notifications about your account or certain features of the application(s). If you do not wish to receive these types of communications, you can disable them in your device settings.

This information is primarily needed to maintain the security and operation of our application(s), to troubleshoot errors, and for our internal analytics and reporting.

All personal information you provide to us must be true, complete and accurate, and you must inform us of any changes to that personal information.

Automatically collected information

In Short: Some information—such as your Internet Protocol (IP) address and/or browser and device characteristics—is collected automatically when you visit our Services.

We automatically collect certain information when you visit, use, or navigate the Services. This information does not reveal your identity (such as your name or contact details), but may include device and usage data, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Services, and other technical information. This information is primarily needed to maintain the security and operation of our Services, as well as for our internal analytics and reporting purposes.

Like many other companies, we collect information through cookies and similar technologies.

The information we collect includes:

• Log and Usage Data . Log and Usage Data is service-related, diagnostic, usage, and performance information that our servers automatically collect when you access or use our Services and that we record in log files. Depending on how you interact with us, this log data may include your IP address, device information, browser type and settings, information about your activities on the Services (such as date/time stamps associated with your usage, pages and files viewed, searches and other actions such as the features you use), device event information (such as system activity, error reports (sometimes called "crash dumps"), and hardware settings).
• Device Data. We collect Device Data, such as information about your computer, phone, tablet, or other device you use to access the Services. Depending on the device you use, this Device Data may include information such as your IP address (or proxy server), device and application identification numbers, location, browser type, hardware model, Internet service provider and/or mobile carrier, operating system, and system configuration information.
• Location data. We collect location data, such as information about your device's location, which may be precise or imprecise. The amount of information we collect depends on the type and settings of the device you use to access the Services. For example, we may use GPS and other technologies to collect geolocation data that tells us your current location (based on your IP address). You can opt out of the collection of this data by either denying access to this data or disabling the location setting on your device. However, if you choose not to do so, you may not be able to use certain aspects of the Services.

The information we collect includes:

Log and Usage Data. Log and Usage Data is service-related, diagnostic, usage, and performance information that our servers automatically collect when you access or use our Services and that we record in log files. Depending on how you interact with us, this log data may include your IP address, device information, browser type and settings, information about your activities on the Services (such as date/time stamps related to your usage, pages and files viewed, searches and other actions such as the features you use), information about device events (such as system activity, error reports (sometimes called "crash dumps"), and hardware settings).

Device Data. We collect Device Data, such as information about your computer, phone, tablet, or other device you use to access the Services. Depending on the device you use, this Device Data may include information such as your IP address (or proxy server), device and application identification numbers, location, browser type, hardware model, Internet service provider and/or mobile carrier, operating system, and system configuration information.

Location data. We collect location data, such as information about your device's location, which may be precise or imprecise. The amount of information we collect depends on the type and settings of the device you use to access the Services. For example, we may use GPS and other technologies to collect geolocation data that tells us your current location (based on your IP address). You can opt out of the collection of this data by either denying access to this data or disabling the location setting on your device. However, if you choose not to do so, you may not be able to use certain aspects of the Services.

Information collected from other sources

In short: We may collect limited data from public databases, marketing partners, social media platforms, and other external sources.

To enhance our ability to provide you with relevant marketing, offers, and services, and to update our records, we may receive information about you from other sources, such as public databases, joint marketing partners, affiliate programs, data providers, social media platforms, and other third parties. This information includes mailing addresses, job titles, email addresses, phone numbers, intent data (or user behavior data), internet protocol (IP) addresses, social media profiles, social media URLs, and custom profiles for the purposes of targeted advertising and event promotion. If you interact with us on a social media platform using your social media account (e.g., Facebook or Twitter), we will receive personal information about you, such as your name, email address, and gender. Any personal information we collect from your social media account will depend on the privacy settings of your social media account.

2. HOW DO WE PROCESS YOUR INFORMATION?

In short:

We process your data to provide, improve, and manage our services, to communicate with you, for security and fraud prevention, and to comply with laws. With your consent, we may also process your data for other purposes.

Depending on how you interact with our services, we process your personal data for various reasons, including:

To facilitate account creation and authentication and to otherwise manage user accounts.

We may process your information to enable you to create and log in to your account and to maintain your account in working order.

To provide and facilitate the provision of services to the user.

We may process your data to provide you with the requested service.

To respond to user inquiries/provide support to users .

We may process your data to respond to your requests and resolve any issues you may have with the requested service.

To send you administrative information.

We may process your data to send you information about our products and services, changes to our terms and policies, and similar information.

To process and manage your orders.

We may process your information to fulfill and manage your orders, payments, returns, and exchanges made through the Services.

To request feedback .

We may process your data where necessary to request feedback and contact you about your use of our services.

To send you marketing and promotional communications.

We may process the personal data you provide to us for our marketing purposes if this is in line with your marketing preferences. You can unsubscribe from our marketing emails at any time. For more information, please visit “ WHAT ARE YOUR PRIVACY RIGHTS? " further down).

To send you targeted advertising.

We may process your data to develop and display personalized content and advertising tailored to your interests, location, and more.

To protect our services.

We may process your information as part of our efforts to keep our services secure, including monitoring and preventing fraud.

To identify usage behavior

To better understand and improve the use of our services, we collect information about your usage. This includes data about how you interact with our services, the features you use, how often you use the services, and what content is of interest to you. This data helps us personalize the user experience and optimize the performance of our services. We use technologies such as cookies and similar tracking mechanisms to analyze your usage and ensure that we can provide you with the best possible experience.

The information collected will only be used for the purposes stated in this privacy policy and will not be shared with third parties unless necessary to comply with legal requirements or to improve our services.

3. What legal basis do we rely on to process your data?

In short:

We will only process your personal data when we believe it is necessary and we have a valid legal reason (i.e., a lawful basis) to do so under applicable law, for example, with your consent, to comply with laws, to provide you with services, to enter into or fulfill our contractual obligations, to protect your rights, or to fulfill our legitimate business interests.

If you are located in the EU or the UK, this section applies to you.

The General Data Protection Regulation (GDPR) and the UK GDPR require us to explain the valid lawful grounds we rely on to process your personal data. We may rely on the following lawful grounds to process your personal data:

Consent.

We may process your data if you have given us permission (i.e., your consent) to use your personal information for a specific purpose. You can withdraw your consent at any time. Click here to learn more.

Fulfillment of a contract.

We may process your personal data when we believe it is necessary to fulfill our contractual obligations to you, including providing our services, or at your request before entering into a contract with you.

Legitimate interests.

We may process your data when we believe it is necessary to pursue our legitimate business interests and these interests do not override your interests and fundamental rights and freedoms. For example, we may process your personal data for some of the purposes described below:

• To send information about special offers and discounts on our products and services.

• To develop and display personalized and relevant advertising content for our users.

• To analyze how our services are used so we can improve them and engage and retain users.

• To support our marketing activities.

• To diagnose problems and/or prevent fraudulent activities.

• To understand how our users use our products and services so we can improve the user experience.

Legal obligations.

We may process your data if we believe it is necessary to comply with our legal obligations, such as to cooperate with a law enforcement agency or regulator, to exercise or defend our legal rights, or to disclose your data as evidence in legal proceedings to which we are involved.

Important interests.

We may process your data where we believe it is necessary to protect your vital interests or the vital interests of a third party, for example, in situations where a person's safety is at risk.

If you are in Canada, this section applies to you.

We may process your data if you have given us explicit permission to use your personal information for a specific purpose (i.e., explicit consent), or in situations where your consent can be inferred (i.e., implied consent). You can withdraw your consent at any time. Click here to learn more.

In some exceptional cases, we may be legally permitted under applicable law to process your data without your consent, for example:

If the collection is clearly in the interest of a person and consent cannot be obtained in a timely manner.

For investigations and to detect and prevent fraud.

For business transactions, provided certain conditions are met.

If they are contained in a witness statement and the collection is necessary to assess, process or settle an insurance claim.

To identify injured, sick or deceased persons and to communicate with next of kin.

If we have reasonable grounds to believe that a person has been, is or may be a victim of financial abuse.

Where it is reasonably expected that the collection and use with consent would affect the availability or accuracy of the information, and the collection is appropriate for purposes related to the investigation of a breach of contract or a violation of the laws of Canada or a province.

When disclosure is necessary to comply with a subpoena, search warrant, court order, or court rules regarding the production of records.

If it was created by an individual in the course of their employment, business or profession and the collection is consistent with the purposes for which the information was created.

If the collection is carried out exclusively for journalistic, artistic or literary purposes.

If the information is publicly available and specified in the regulations.

4. WHEN AND TO WHOM DO WE DISCLOSE YOUR PERSONAL DATA?

In short:

We may share information in certain situations described in this section and/or with the following categories of third parties.

Suppliers, consultants and other third-party service providers.

We may share your information with third-party vendors, service providers, contractors, or agents ("third parties") who perform services for us or on our behalf and require access to that information to do that work. We have contracts with our third parties designed to protect your personal information. This means they cannot do anything with your personal information unless we instruct them to do so. They also will not share your personal information with any organization other than us. They also agree to protect the data they hold on our behalf and to retain it for the period specified by us. The categories of third parties with whom we may share personal information are as follows:

• Data analysis services
• Financial and accounting tools
• Provider of order processing services
• Payment processors
• Performance monitoring tools
• User account registration and authentication services
• advertising networks
• Test tools
• Sales and marketing tools
• Retargeting platforms
• Tools for product development and design
• Cloud computing services
• Tools for communication and collaboration
• Website hosting service provider
• Affiliate marketing programs
• Data storage service providers

We may also need to share your personal information in the following situations:

Business transfers.

We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business by another company.

Affiliated companies.

We may share your information with our subsidiaries, in which case we will require those subsidiaries to comply with this Privacy Policy. Affiliates include our parent company and any subsidiaries, joint venture partners, or other companies that we control or that are under common control with us.

Offer wall.

Our application(s) may display an "Offer Wall" hosted by a third party. Such an Offer Wall allows third parties to offer users virtual currency, gifts, or other items in exchange for accepting and completing a promotional offer. Such an Offer Wall may appear within our application(s) and may be displayed to you based on certain data, such as your geographic region or demographic information. If you click on an Offer Wall, you will be redirected to an external website owned by other people and will leave our application(s). A unique identifier, such as your User ID, will be shared with the Offer Wall provider to prevent fraud and credit the applicable reward to your account.

5. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?

We may use cookies and similar tracking technologies (such as web beacons and pixels) to retrieve or store information. Specific information about how we use such technologies and how to refuse certain cookies can be found in our Cookie Notice.

In short: We may use cookies and other tracking technologies to collect and store your information

6. HOW DO WE HANDLE YOUR SOCIAL LOGINS?

In short:

If you register or log in to our Services using a social media account, we may have access to certain information about you.

Our Services offer you the opportunity to register and log in using your third-party social media account details (for example, your Facebook or Twitter logins). When you do so, we receive certain profile information about you from your social media provider. The profile information we receive may vary depending on the social media provider, but often includes your name, email address, friends list, and profile picture, as well as other information you choose to make public on such social media platform.

We will only use the information we receive for the purposes described in this Privacy Policy or otherwise disclosed to you on the respective services. Please note that we have no control over, and are not responsible for, the third-party social media provider's use of your personal information. We encourage you to read their privacy notices to understand how they collect, use, and share your personal information, and how to set your privacy preferences on their websites and apps.

7. WILL YOUR DATA BE TRANSFERRED INTERNATIONALLY?

In short:

We may transfer, store and process your data in countries other than your home country.

Our servers are located in the United States. If you access our Services from outside the United States, please be aware that your information may be transferred to, stored, and processed at our facilities and by third parties with whom we share your personal information (see "WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?" above) in the United States and other countries.

If you are located in the European Economic Area (EEA) or the United Kingdom (UK), these countries may not have data protection laws as comprehensive or similar to those in your country. However, we will take all necessary measures to protect your personal data in accordance with this Privacy Policy and applicable law.

The European Commission’s standard contractual clauses:

We have taken measures to protect your personal data, including through the use of the European Commission's Standard Contractual Clauses for the transfer of personal data between our group companies, as well as between us and our third-party service providers. These clauses require all recipients to protect all personal data they process from the EEA or the UK in accordance with European data protection laws and regulations. Our Standard Contractual Clauses can be provided upon request. We have implemented similar appropriate safeguards with our third-party service providers and partners; further details can be provided upon request.

8. HOW LONG DO WE STORE YOUR DATA?

In short:

We will retain your information for as long as necessary to fulfill the purposes set out in this privacy policy, unless required by law.

We will only retain your personal data for as long as necessary for the purposes set out in this Privacy Policy, unless a longer retention period is required or permitted by law (e.g., for tax, accounting, or other legal reasons). None of the purposes set out in this notice will require us to retain your personal data for longer than two (2) months after the termination of your user account.

When we have no other legitimate business need to process your personal data, we will either delete or anonymize such data or, if this is not possible (for example, because your personal data has been stored in backup archives), then we will securely store your personal data and isolate it from any further processing until deletion is possible.

9. HOW DO WE PROTECT YOUR DATA?

In short:

We strive to protect your personal data through a system of organizational and technical security measures.

We have taken appropriate and reasonable technical and organizational security measures to ensure the security of the personal data we process. However, despite our safeguards and efforts to protect your data, no electronic transmission over the Internet or information storage technology can be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to overcome our security and unlawfully collect, access, steal, or modify your data. While we will do our best to protect your personal data, the transmission of personal data to and from our Services is at your own risk. You should only access the Services within a secure environment.

10. DO WE COLLECT INFORMATION FROM MINORS?

In short:

We do not knowingly collect data from or market to children under the age of 18.

We do not knowingly solicit data from or market to children under the age of 18. By using the Services, you represent that you are at least 18 years old, or that you are the parent or guardian of such a minor and consent to such minor's use of the Services. If we learn that personal information has been collected from users under the age of 18, we will deactivate the account and take reasonable measures to promptly delete such information from our records. If you learn of any information we have collected from children under the age of 18, please contact us at support@myhumehealth.com.

11. WHAT ARE YOUR DATA PROTECTION RIGHTS?

In short:

In some regions, such as the European Economic Area (EEA), the United Kingdom (UK), and Canada, you have rights that give you more access to and control over your personal information. You can review, change, or cancel your account at any time.

In some regions (such as the EEA, the United Kingdom, and Canada), you have certain rights under applicable data protection laws. These include, among other things, the right to (i) request access to and receive a copy of your personal data, (ii) request rectification or erasure, (iii) restrict the processing of your personal data, and (iv) where applicable, request data portability. Under certain circumstances, you also have the right to object to the processing of your personal data. You can make such a request by contacting us using the contact details provided in the "HOW CAN YOU CONTACT US ABOUT THIS NOTICE?" section below.

We will review and act on each request in accordance with applicable data protection laws.

If you are located in the EEA or the UK and believe we are unlawfully processing your personal data, you also have the right to complain to your local data protection supervisory authority. You can find their contact details here: https://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.

If you are located in Switzerland, you can find the contact details of the data protection authorities here: https://www.edoeb.admin.ch/edoeb/en/home.html.

Withdrawal of your consent:

If we rely on your consent to process your personal data, which may be express and/or implied consent depending on applicable law, you have the right to withdraw your consent at any time. You may withdraw your consent at any time by contacting us using the contact details provided in the "HOW CAN YOU CONTACT US ABOUT THIS NOTICE?" section below.

Please note, however, that this will not affect the lawfulness of processing before the withdrawal or, where permitted by applicable law, the processing of your personal data based on lawful processing grounds other than consent.

Unsubscribe from marketing and promotional communications:

You can unsubscribe from our marketing and promotional communications at any time by clicking the unsubscribe link in the emails we send, replying "STOP" or "UNSUBSCRIBE" to the text messages we send, or contacting us using the contact information provided in the "HOW CAN YOU CONTACT US ABOUT THIS NOTICE" section below. You will then be removed from our marketing lists. However, we may still communicate with you, for example, to send you service-related messages necessary for the administration and use of your account, to respond to service requests, or for other non-marketing purposes.

Account information

If you would like to review or change the information in your account or cancel your account at any time, you can do so:

Log in to your account settings and update your user account.

Contact us using the contact information provided.

If you choose to terminate your account, we will deactivate or delete your account and information from our active databases. However, we may retain some information in our files to prevent fraud, troubleshoot problems, assist with any investigations, enforce our legal policies, and/or comply with applicable legal requirements.

Cookies and Similar Technologies: Most web browsers are set to accept cookies by default. If you prefer, you can usually set your browser to remove or reject cookies. If you choose to remove or reject cookies, it may affect certain features or services on our Services. To opt out of interest-based advertising by advertisers on our Services, visit http://www.aboutads.info/choices/.

If you have any questions or comments about your privacy rights, you can email us at support@myhumehealth.com.

12. DO-NOT-TRACK CONTROLS

Most web browsers and some mobile operating systems and applications include a "Do Not Track" feature or setting you can activate to signal your preference not to have data about your online browsing activities monitored and collected. At this time, no uniform technology standard has been established for the recognition and implementation of DNT signals. Therefore, we do not currently respond to DNT browser signals or other mechanisms that automatically communicate your preference not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about this practice in a revised version of this privacy notice.

13. DO CALIFORNIA RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?

In short:

Yes, if you are a California resident, you have certain rights regarding access to your personal information.

Pursuant to California Civil Code Section 1798.83, also known as the "Shine The Light" law, our users who are California residents may request and obtain from us once a year and free of charge information about the categories of personal information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to us using the contact information provided below.

If you are under 18 years of age, reside in California, and have a registered account with the Services, you have the right to request removal of unwanted data that you publicly post on the Services. To request removal of such data, please contact us using the contact information below and provide the email address associated with your account and a statement that you reside in California. We will ensure that the data is not publicly displayed on the Services. However, please be aware that we may not completely or comprehensively remove the data from all of our systems (e.g., backups, etc.).

CCPA Privacy Notice

The California Code of Regulations defines a “resident” as:

(1) any person who is not merely a temporary or transitory resident of the State of California, and

(2) any person who is a resident of the State of California and who is outside the State of California for a temporary or transitory purpose.

All other persons are defined as “non-residents.”

If this definition of “resident” applies to you, we must comply with certain rights and obligations with respect to your personal data.

What categories of personal data do we collect?

In the past twelve (12) months, we have collected the following categories of personal data:

Categories of information	Example data	Recorded
A. Identifiers	Contact information, such as real name, alias, postal address, telephone or mobile number, unique personal identifier, online identifier, Internet Protocol address, email address and account name	YES
B. Personal Information Categories Listed in the California Customer Data Act	Name, contact information, education, employment, employment history and financial information	YES
C. Protected classification characteristics under California or federal law	Gender and date of birth	YES
D. Commercial Information	Transaction information, purchase history, financial details and payment information	YES
E. Biometric Information	Fingerprints and voiceprints	NO
F. Internet or other similar network activities	Browsing history, search history, online behavior, interest data and interactions with our and other websites, applications, systems and ads	YES
G. Geolocation data	Location of the device	YES
H. Audio, electronic, visual, thermal, olfactory or similar information	Images and audio, video or conversation recordings created in connection with our business activities	NO
I. Professional or employment-related information	Business contact details to provide you with our services on a business level, or job title, employment history and professional qualifications if you apply for a job with us	NO
J. Information about training	Student records and directory information	NO
K. Inferences from other personal information	Inferences drawn from the personal data collected above to create a profile or summary, e.g. about a person’s preferences and characteristics	YES
L. Sensitive personal data	Account credentials, debit or credit card numbers, and health data	NO

YES

We use and store the personal information collected for as long as necessary to provide the services or for the use of:

Category A - As long as the user has an account with us

Category B - As long as the user has an account with us

Category C - As long as the user has an account with us

Category D - As long as the user has an account with us

Category F - 6 months

Category G - 6 months

Category K - 6 months

Category L - As long as the user has an account with us

Category L information may be used for additional, specified purposes or shared with a service provider or contractor. You have the right to restrict the use or disclosure of your sensitive personal information.

We may also collect other personal information outside of these categories when you interact with us in person, online, by phone, or by mail, such as:

Obtaining assistance through our customer support channels;

Participation in customer surveys or competitions; and

To facilitate the provision of our services and to respond to your inquiries.

How do we use and share your personal information?

Hume Health LLC collects and shares your personal information through:

Targeted cookies/marketing cookies

Cookies for social media

Beacons/Pixels/Tags

For more information about our data collection and sharing practices, please see this Privacy Notice.

You can contact us by email at or using the contact details at the end of this document.

If you appoint an agent to exercise your right to object, we may refuse a request if the agent does not demonstrate that they are authorized to act on your behalf.

Will your data be shared with other people?

We may share your personal information with our service providers pursuant to a written contract between us and the service provider. Each service provider is a for-profit company that processes the data on our behalf and adheres to the same strict data protection obligations required by the CCPA.

We may use your personal information for our own business purposes, such as internal research for technology development and demonstration. This is not considered a "sale" of your personal information.

Hume Health LLC has not sold or shared any personal information with third parties for business or commercial purposes in the preceding twelve (12) months. Hume Health LLC has shared the following categories of personal information with third parties for business or commercial purposes in the preceding twelve (12) months:

Category A. Identifiers, such as contact details such as your real name, alias, postal address, telephone or mobile contact number, unique personal identifier, online identifier, Internet Protocol address, email address and account name.

Category B. Personal information as defined in the California Consumer Privacy Act, such as your name, contact information, education, employment, employment history, and financial information.

Category D. Commercial information, such as transaction information, purchase history, financial details, and payment information.

Category F. Information about internet or other electronic network activity, such as browsing history, search history, online behavior, interest data, and interactions with our and other websites, applications, systems, and advertisements.

The categories of third parties with whom we have disclosed personal information for business or commercial purposes can be found under „WANN UND MIT WEM TEILEN WIR IHRE PERSÖNLICHEN DATEN?“

Your rights regarding your personal data

Right to request deletion of data - Request for deletion

You can request the deletion of your personal data. If you ask us to delete your personal data, we will comply with your request and delete your personal data, subject to certain exceptions provided by law, such as (but not limited to) the exercise of another consumer's right of free expression, our requirements due to a legal obligation, or processing necessary to protect against illegal activities.

Right to information - Request for information

Depending on the circumstances, you have the right to know:

whether we collect and use your personal information;

what categories of personal data we collect;

the purposes for which the personal data collected will be used;

whether we sell or share personal information with third parties;

the categories of personal information we sold, shared, or disclosed for a business purpose;

the categories of third parties to whom the personal data was sold, transferred or disclosed for business purposes;

the business or commercial purpose for collecting, selling, or sharing personal information; and

the specific personal information we have collected about you.

In accordance with applicable law, we are not obligated to provide or delete consumer data that has been de-identified at a consumer request, or to re-identify individual data in order to verify a consumer request.

Right to non-discrimination in the exercise of a consumer's data protection rights

We will not discriminate against you if you exercise your data protection rights.

Right to restrict the use and disclosure of sensitive personal data

If the company collects any of the following information:

Social security data, driving licenses, identity cards, passport numbers

Account credentials

Credit card numbers, information about financial accounts or access data to such accounts

exact geographical location

racial or ethnic origin, religious or philosophical beliefs, trade union membership

the content of emails and text messages unless the company is the intended recipient of the communication

genetic data, biometric data and health data

Data on sexual orientation and sex life

You have the right to instruct the Company to limit the use of your sensitive personal data to that which is necessary to provide the Services.

Once a company has received your request, it may no longer use or disclose your sensitive personal information for any other purpose unless you provide your consent to use or disclose sensitive personal information for any additional purpose.

Please note that sensitive personal data collected or processed without the purpose of drawing conclusions about a consumer's characteristics are not covered by this right, nor are publicly available information.

If you wish to exercise your right to restrict the use and sharing of sensitive personal information, please email support@myhumehealth.com or submit a request form by clicking here.

Review procedure

After receiving your request, we will need to verify your identity to determine if you are the same person about whom we have information in our system. To do this, we will need to ask you for information so that we can match it with information you have previously provided to us. For example, depending on the nature of the request you submit, we may ask you to provide certain information so that we can match the information you provide with information we already have on file, or we may contact you using a communication method (such as telephone or email) that you have previously provided to us. We may also use other verification methods depending on the circumstances.

We will only use the personal information provided in your request to verify your identity or eligibility to make the request. Where possible, we will avoid requesting additional information from you for verification purposes. However, if we cannot verify your identity using the information we already hold, we may ask you for additional information to verify your identity and to ensure security or prevent fraud. We will delete any additional information provided once we have completed verification of your identity.

Other data protection rights

You can object to the processing of your personal data.

You can request the rectification of your personal data if it is inaccurate or no longer relevant, or request the restriction of the processing of this data.

You may designate an authorized agent to submit a request on your behalf under the CCPA. We may deny a request from an authorized agent who does not demonstrate that they are authorized to act on your behalf under the CCPA.

You may request that your personal information not be sold or shared with third parties in the future. Upon receipt of an opt-out request, we will respond to that request.