Caidya privacy policy

Effective Date: October 1, 2022

Caidya (“Caidya”, “we”, us” or “our”) is committed to protecting the privacy and security of your personal information. This Caidya Privacy Policy (“Privacy Policy”) describes the types of personal information and other information we collect from and about you when you interact with us or use our websites, web portals, mobile applications, or other services (collectively, the “Services”) and how we use and share your information.

This Privacy Policy is directed to:

  • Visitors and users of Caidya’s Services (excluding participants in a clinical trial or other research);
  • Individuals who are our clients, consultants, contractors, service providers and vendors; and
  • Any other persons who communicate with us, who provide us with personal information, and/or whose personal information we receive.

As you read this Privacy Policy, please consider the following important information:

  1. This Privacy Policy may contain information not applicable to you because of where you are located or the type(s) of personal information we collect about you.
  2. Certain types of information we collect may be covered under another Caidya privacy policy, such as our privacy policy for Caidya employees, or our privacy policy for healthcare providers who participate in our clinical trials. If your information falls under one of these other privacy policies, then the terms of the other privacy policies will apply.
  3. Our Services may contain links to third party websites (see below). Once you leave our Services, we are no longer responsible for the protection and privacy of any information you provide.

Information We Collect
The types of information that we may collect and receive from you while you use the Services are described in this section and include both information that you provide to us, information that we collect automatically when you use the Services, and information that we collect from third party sources.

Personal Information: Personal information is information from which an individual may be identified directly or indirectly. Personal information may include information such as your name, postal address, telephone number, email address, date of birth, device and browsing information, such as your IP address, and health, financial and professional information.

We may collect personal information that you provide to us through our Services. For example, you may provide your personal information to us: through your completing forms or setting up accounts on one of our websites or web portals; through an enrollment form to register for one of our programs or services; through your requests to receive marketing materials and information about our products or services; by contacting a Caidya customer service department; or by responding to Caidya questionnaires or surveys.

Cookies and other similar technologies: When you use our Services, we may also collect information relating to your usage or visits to our websites and your devices. This information is generally collected using server log files, cookies, “pixel tags,” and tools, such as, Google Analytics.

Server Log Files: Your Internet Protocol (IP) address is an identifying number that is automatically assigned to your computer by your Internet Service Provider (ISP). This number is identified and logged automatically in our server log files whenever you visit our websites, along with the time(s) of your visit(s) and the page(s) that you visited. We use the IP addresses of all visitors to our websites to calculate our websites’ usage levels, to help diagnose problems with website servers, and to administer the websites. We may also use IP addresses to communicate with or block access by visitors who fail to comply with our terms and conditions for use of our Services. Collecting IP addresses is standard practice on the Internet and is carried out automatically by many websites. However, Caidya does not combine traffic data with user accounts.

Cookies: Cookies are data that a web server transfers to an individual’s computer for record-keeping purposes. Cookies are an industry standard used by most websites and help facilitate users’ ongoing access to and use of a particular website. Cookies do not cause damage to your computer systems or files, and only the website that transferred a particular cookie to you can read, modify, or delete such cookie. If you do not want information collected using cookies, there are simple procedures in most browsers that allow you to delete existing cookies, to automatically decline cookies, or to be given the choice of declining or accepting the transfer of cookies to your computer. You can set your browser to refuse cookies, but some portions of our websites may not work properly if you refuse cookies. A session cookie is one that exists for the time-period that your browser is open. A persistent cookie is one that is saved on your device/computer even after the browser is closed. Like many websites, we may use both session cookies and persistent cookies. To find out how to see what cookies have been set and how to reject and delete cookies, please visit //www.aboutcookies.org.

Pixel Tags: Our websites may use so-called “pixel tags”, “web beacons”, “clear GIFs” or similar means (collectively, “pixel tags”) to compile aggregate statistics about website usage and response rates. Pixel tags allow us to count users who have visited certain pages on our websites, to deliver branded services, and to help determine the effectiveness of promotional or advertising campaigns. When used in HTML-formatted email messages, Pixel Tags can tell the sender whether and when the email has been opened.

Google Analytics: We may use Google Analytics, a web analysis service provided by Google, to better understand website usage. Google Analytics collects information such as how often users visit websites, what pages they visit and what other websites they used prior to visiting. Google uses the data collected to track and examine the use of the websites, to share such data with other Google services, or to personalize the ads of its own advertising network. Google’s ability to use and share information collected by Google Analytics is restricted by the Google Analytics Terms of Service and the Google Privacy Policy. To opt-out of analysis by Google Analytics on our websites, please visit //tools.google.com/dlpage/gaoptout.

Our Uses of Personal Information
The personal information that is collected in connection with our Services may be used in any of the following ways:

  • To respond to your requests for information about our products or services;
  • To provide you with marketing communications whether about a particular Caidya product or service, or concerning general information about our products and services;
  • To determine if you are eligible for certain products, services, or programs;
  • To manage or develop our business relationship with you (e.g., to respond to questions, invite you to events, comply with regulatory obligations, or determine eligibility for Caidya programs);
  • To recruit and/or consider you for employment;
  • For our research, development, and collaboration efforts;
  • For regulatory reporting; and
  • For other everyday business purposes, such as payment processing and financial account management, product development, contract management, Site administration, fulfillment, analytics, fraud prevention, corporate governance, reporting, and legal compliance.

The information that we collect from your devices is used to better design our websites. We analyze the information we collect to enhance our websites’ security and to track the popularity of certain pages on the websites, the success of our email notifications, traffic levels on the websites, and other usage data, all of which helps us to provide content tailored to your interests and improve our websites and related Services.

We do not make any decisions about you based solely on automated processing of your information, including profiling, unless we inform you, as required by applicable laws.

How We Share Personal Information
We may share your personal information with third parties with whom we have contracted, as well as affiliates and business partners. We will require these recipients to use your personal information only for appropriate purposes and take appropriate measures to protect your personal information.

In the event that we sell or transfer all or a portion of our business or assets to a third party, such as in the event of a corporate sale, merger, reorganization, dissolution or similar event, we may transfer information that we have collected to such third party. We will require such a third party to continue to comply with this Privacy Policy.

We may disclose information if we believe it is necessary: (a) to comply with any law applicable to us, a request from law enforcement, a regulatory agency, or other legal process; (ii) to protect the legitimate rights, privacy, property, interests, or safety of Caidya, our patients, business partners, personnel, or the general public; (iii) to pursue available remedies or limit damages; (iv) to enforce our terms and conditions on our products or services; or (v) to respond to an emergency. We reserve the right to disclose personal information when we believe in good faith that such action is necessary to comply with a legal obligation.

In addition to the disclosures described in this Privacy Policy, we may share information about you with third parties when you consent to or request such sharing.

Third Party Advertising

Caidya has relationships with third party advertising companies to place advertisements on this website and other websites, and to perform tracking and reporting functions for this website and other websites. These third party advertising companies may place cookies on your computer when you visit our websites or other websites so that they can display targeted advertisements to you. These third party advertising companies do not collect Personal Data in this process, and we do not give any Personal Data to them as part of this process. However, this Privacy Policy does not cover the collection methods or use of the data collected by these vendors. For more information about third party advertising, please visit the Network Advertising Initiative (NAI) at www.networkadvertising.org.

Links To Other Websites

Our websites may contain links to third party websites, which are not operated or controlled by Caidya and for which Caidya is not responsible. The links from the websites do not imply that Caidya endorses or has reviewed the third party websites. Once you leave one of our websites, we are not responsible for the protection and privacy of any information you provide. We suggest contacting those third parties directly for information regarding their privacy practices.

Global Access and Data Transfers

Caidya operates in many countries around the world and your personal information may be accessible to or shared with any of our locations, our affiliates, consultants, contractors, service providers, suppliers and vendors in various countries for the purposes specified in this Privacy Policy.
The laws in certain countries may not provide the same level of protection as the laws in your country or region. When that is the case, and as required by applicable laws, we take steps to protect your information, such as by entering into contracts with recipients of your information or by implementing additional data protection safeguards.

By using our websites or Services or you are otherwise providing information to us, you hereby expressly consent to the transfer of your personal information outside your country or region.

Children’s Privacy Protection
Protecting the privacy of children is especially important to us. We take seriously our obligations under applicable laws concerning the collection of personal information from children. Our Services are not directed to children and we do not knowingly allow children to communicate with us or use any of our websites or Services. We request that children do not provide any personal information through our websites or in connection with the Services. If you are a parent and become aware that your child has provided us with personal information, please contact us at DPO@Caidya.com.

Your Choices and Rights
If you would like your personal information removed from our systems, changed or updated, you can click here and submit the form to DPO@Caidya.com. If requested, we will promptly verify and delete your account and you will no longer receive emails or other communications from Caidya. Your removal from the mailing list or our systems will not remove records of past transactions or delete information stored in our data backups and archives where we are required to keep your data for legitimate business or legal requirements. Data on past transactions and data stored in backups and archives will be deleted in the normal course of our business.

Under certain laws, such as the European Union’s General Data Protection Regulation (GDPR), the California Consumer Privacy Act of 2018 (CCPA), the California Privacy Rights Act of 2020 (CPRA) or China’s Personal Information Protection Law and Cybersecurity Law (including their implementing regulations and national standards), you may have the following rights with respect to your personal information:

  • Your right of access. You may have the right to ask us to provide clear, transparent and understandable information on how we process your personal information, as well as for copies of your personal information. There are some exemptions, which means you may not always receive all the information we process.
  • Your right to rectification. You may have the right to ask us to rectify information you think is obsolete or inaccurate and the right to ask us to complete information you think is incomplete.
  • Your right to deletion of your personal information. You may have the right to ask us to delete your personal information in certain circumstances.
  • Your right to restriction of processing. You may have the right to ask us to restrict the processing of your personal information, during a limited period of time, in certain circumstances.
  • Your right to object to processing. You may have the right to object to processing, in which case, Caidya will no longer process your personal information unless Caidya demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms, such as compliance with a legal obligation or for the establishment, exercise or defense of legal claims.
  • Your right to data portability. You may have the right to ask that we transfer the information you gave us from one organization to another or give it to you.
  • Your right to withdraw your consent. If we process your personal information based on your consent, you have the right to withdraw your consent, without this withdrawal affecting the lawfulness of the processing operations previously carried out.
  • Your right to close your account. If you receive our services through online accounts, you have the right to close your accounts. We will then delete or anonymize your personal information associated with your accounts, unless otherwise permitted under applicable laws.Depending on your country of residence and the country where the Caidya entity processing your personal information is established, you may have additional local rights with respect to our processing of your personal information. Please note that some of the personal information that we collect, use and disclose may be exempt from the rights outlined above.

We will respond to your requests within the time period prescribed by applicable laws. Under certain circumstances, Caidya may ask you for specific information to confirm your identity and ensure the exercise of your rights. This is a security measure to safeguard personal information. We will notify you when your request is completed, if we deny your request to exercise your rights (because, for example, an exception applies), or if there is a fee associated with processing your request.

You may designate an authorized agent to exercise your rights on your behalf. In such case, we will also need to verify your agent’s identity and obtain proof of your authorization. We may need to deny a request from an agent whose identity or authorization we cannot verify.

If you believe that Caidya has processed information in a manner that is unlawful or breaches your rights, or has infringed applicable laws, you may have the right to complain directly to your local data protection authority. Without limiting any rights to complain directly to an authority, we are committed to protecting personal information, and complaints may be made directly to us.

We will not discriminate against you for exercising any data subject right you have under applicable law.

Data Security
Caidya stores personal information and other data using reasonable physical, technical and administrative safeguards to secure information and data against foreseeable risks, such as unauthorized use, access, disclosure, destruction or modification. Please note, however, that while Caidya has endeavored to create secure and reliable websites for our users, the confidentiality of any communication or material transmitted to or from one of our websites or via e-mail cannot be guaranteed. You should take special care in deciding what information you transmit, upload, send, or otherwise submit to Caidya.
In case of a personal information security incident, as required by applicable laws, we will inform you in a timely manner and report the incident to the relevant regulatory authorities.

Data Retention

We retain your information for as long as it is necessary for the purposes set out in this Privacy Policy, unless required by law to retain it for a longer period of time. To determine the appropriate retention period for information, we consider the amount, nature and sensitivity of the information, the potential risk of harm from unauthorized use or disclosure of the information, the purposes for which we process the information, whether we can achieve those purposes through other means, and all applicable global legal, regulatory, and compliance requirements.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time. At a minimum, we will post an updated version on our websites. Caidya encourages you to review this Privacy Policy regularly for any changes. Any changes will be effective immediately upon posting of the revised Privacy Policy, and your continued use of our websites or our Services will be subject to the then-current Privacy Policy.

Contact Us
If you have any questions about this Privacy Policy or about our handling of your personal information, please contact us at: DPO@Caidya.com.

We endeavor to respond to your request as soon as reasonably possible in compliance with all applicable laws.

Additional Information for Individuals in the European Union/European Economic Area, United Kingdom, or Switzerland

We are required to comply with the European Union’s and the United Kingdom’s General Data Protection Regulations (“GDPR”/”UKGDPR”), Switzerland’s Federal Act on Data Protection (FADP) and similar applicable local laws with regards to certain personal information we collect. The data controllers of your personal information are the Caidya entities referenced when we collect your personal information. Please contact us if you have any questions about the controller or controllers of your personal information.

Sensitive Personal Data. We may process special categories of information (e.g., sensitive personal data that reveals racial or ethnic origin or genetic, biometric and health information, etc.) only where you give us your explicit consent, or when our processing is for scientific research purposes, necessary to meet a legal or regulatory obligation, in connection with the establishment, exercise or defense of legal claims, or is otherwise expressly permitted by law. If we need to collect your personal information by law or under the terms of a contract we have with you and you do not provide the requested information, we may not be able to perform the contract we have, or are trying to enter into, with you.

The servers where your personal data are stored may be located in the United States and other countries that have not been deemed by the European Commission to provide an adequate level of protection for personal data. In addition, we may share personal data with our affiliates and external service providers and third parties located outside of the EEA. When we transfer personal data out of the EEA to other countries that have not been deemed adequate, we will implement one or more of the safeguards deemed to provide appropriate safeguards by the European Commission, which may include EU Standard Contractual Clauses, transfers to organizations that protect personal data under binding corporate rules, or transfers to organizations that operate under an approved code of conduct or certification mechanism.