PLEASE NOTE THAT NOYO WILL NEVER SELL YOUR PERSONAL DATA (E.G. NAME, ADDRESS, EMAIL) TO ANY THIRD PARTY

Your privacy is important to us. This privacy statement explains the collection, use, storage and disclosure of personal information by Noyo Technologies, Inc. (“Noyo” or “we”) via the website www.noyo.com (the “Site”) and when you use our products and services, which include applications, software Noyo platform and related services (collectively, the “Services”). 

PERSONAL INFORMATION WE COLLECT

The personal information we collect depends on how you interact with us, the Services you use, the data you provide and the choices you make. It includes personal information that may identify you that is not public information. For this notice, personal information includes but is not limited to protected health information (PHI) transferred to us by third parties. PHI includes demographic information that can be used to identify a person, their health condition(s), or the provision of health care benefits.

Types of protected health information we collect may include:

• Identifier data (such as your name, phone number, physical address, or email address)

• Demographic data (such as your age, gender, or marital status)

• Health details (such as  a medical history)

• Health Insurance information (such as your member ID and coverage details)

• other information used to identify you or that’s linked to your healthcare or healthcare coverage

Types of Personal Information we collect may include:

• Professional Information (such as job title, employment history, and work performance evaluations)

• Educational Information (such as school you may have attended, grades, and graduation timeline)

We collect and process personal information about you with your consent and/or as necessary to provide the Services, operate our business, meet our contractual and legal obligations, protect the security of our systems and our customers, or fulfill other legitimate interests. We collect information about you in various ways when you use the Services, including information you provide directly, information collected automatically, and third party data sources. If you choose not to provide information necessary for certain Services or features, those Services or features may not be available or function correctly. Below is a categorical description of the information (including personal information) we may collect about you via the Site and Services.

A. Information you provide directly. 

We may collect personal information you provide to us via the Site and Services. For example, the “get started” form on the site asks for your name, email address, job title, company name, and other information you may provide us. 

If you purchase Services, we may collect credit card numbers and other payment information, in addition to basic contact information required for business transactions such as customer support interactions and invoicing or payment arrangements. 

If you apply for a role on Noyo’s career website page, we may also collect certain educational and professional information to determine your qualifications for certain open roles 

B. Information collected automatically. 

When you use our Services, some information is collected automatically. For example, when you visit the Site, our web servers automatically log your computer's operating system, Internet Protocol (IP) address, access times, browser type and language, the website you visited before the Site, and your activity on the Site. 

C. Information from third party sources. 

We obtain information from third parties to deliver our Services, including:

• United States healthcare insurance carriers, which are companies or organizations that provide health insurance coverage to individuals and businesses; and,

• Health insurance benefit administrators, also known as benefits managers, that manage employee benefit programs, including health insurance.

• Third party websites that display employment opportunities such as certain demographic, identifying, professional, and educational information. 

Third parties will supply us with information about the insured healthcare members, prospective employees, and current employees to Noyo, including personal information, employment information, protected health information, or health insurance benefits information. Additionally, they might provide details regarding employees' insurance enrollment choices, contribution amounts, and business contact information.

We process personal information and/or protected health information on behalf of these third party sources for the purposes they have determined and protect information obtained from third parties according to the practices described in this statement, plus any additional legal or contractual restrictions imposed by the source or controller of the information. 

You have several rights concerning your personal information, including the right to access, rectify, restrict processing, and request the deletion of your data. These rights can be exercised through the third party directly.

HOW WE USE PERSONAL INFORMATION

We use personal information collected through our Site and Services and third party partners for purposes described in this privacy statement or otherwise disclosed to you. For example, we use personal information to provide and deliver our Services, including securing, troubleshooting, improving, and personalizing those Services; operate our business, such as improving our internal operations, securing our systems, and detecting fraudulent or illegal activity; understand you and your preferences to enhance your experience and enjoyment using our Services; provide customer support and respond to your questions; send you information, including confirmations, invoices, technical notices, updates, security alerts, and support and administrative messages; communicate with you about new products and services, offers, promotions, rewards, contests, upcoming events, and other about our Services and those of our selected partners (see the Choice and Control section of this privacy statement for how to change your preferences for promotional communications); and provide our customers with reports, market insights, and trends based on the aggregation of data.

HOW AND WHEN WE SHARE PERSONAL INFORMATION

We share personal information with your consent or as necessary to provide the Services you have requested or authorized. For example, when you provide payment data to make a purchase, we will share that data with banks and other entities as necessary for payment processing, fraud prevention, credit risk reduction, or other related financial services. We will also share personal information with the parties you designate to perform the requested services between insurance brokers and insurers. 

In addition, we share personal information with vendors or sub-contractors working on our behalf for the purposes described in this statement. The companies are required to abide by certain obligations outlined in our Data Processing Agreement, including compliance with all applicable privacy laws and regulations. For example, companies we have hired to provide cloud hosting services or assist in protecting and securing our systems. These services may need access to personal information to provide those functions. In such cases, these companies must abide by data privacy and security requirements and are not allowed to use personal information they receive from us for any other purpose. We may also disclose personal information as part of a corporate transaction such as a merger, transfer, divestiture, or sale of all or a portion of our business or assets.

Finally, we will access, transfer, disclose, and preserve personal information when we have a good faith belief that doing so is necessary to: comply with applicable law or respond to valid legal process, including from law enforcement or other government agencies; protect our customers, for example to prevent spam or attempts to defraud users of our Services; and operate and maintain the security of our Services, including to prevent or stop an attack on our computer system or networks; or protect our rights or property, including enforcing the terms of our agreements. 

CHOICE AND CONTROL OF PERSONAL INFORMATION

Access, correction, and deletion. If you wish to request access to, or correction or deletion of, personal information about you that we hold, please contact us at legal@noyo.com. To the extent permitted by applicable law, we reserve the right to decline requests that are unreasonable, excessive, or prohibited by law, could adversely affect the privacy or other rights of another person, or where we cannot confidently verify you as the person to whom the data relates or an authorized third party.  

Communications preferences. You can choose whether you wish to receive promotional communications from us. If you receive promotional emails or messages from us and would like to stop, you can do so by following the directions in that message or by contacting us at legal@noyo.com. These choices do not apply to mandatory service communications that are part of certain of our Services, or to surveys or other informational communications that may have their own unsubscribe method. 

RETENTION OF PERSONAL INFORMATION

We retain personal information for as long as necessary to provide the Services and fulfill the transactions that either you or our customers have requested, or for other essential purposes such as complying with our legal obligations, resolving disputes, and enforcing our agreements. Because these needs can vary for different data types in the context of different Services, actual retention periods can vary significantly based on criteria such as user expectations or consent, the sensitivity of the data, the availability of automated controls that enable users to delete data, and our legal or contractual obligations. 

LOCATION OF PERSONAL INFORMATION

The personal information we collect may be stored and processed in your country or region, or in any other country where we or our service providers maintain facilities. 

Currently, we store data received through our Site and Services in the United States. 

The storage location(s) are primarily chosen to comply with our legal or contractual obligations. We take steps designed to ensure that the data we collect under this statement is processed according to the provisions of this statement and applicable law wherever the data is located.

SECURITY OF PERSONAL INFORMATION

We provide reasonable technical and administrative controls to help protect the confidentiality, integrity, and availability of personal information designed to prevent unauthorized access, use, disclosure, alteration, and destruction. For example, only authorized employees are permitted to access personal information. Moreover, we encrypt sensitive information in transit and at rest.  

HIPAA Compliance

We align our internal controls and business practices to comply with the Health Insurance Portability and Accountability Act (HIPAA) federal law and related regulations to protect the privacy and security of Protected Health Information (PHI). We implement administrative, physical, and technical safeguards to protect PHI in compliance with HIPAA standards. In the event of a breach of PHI, we will notify impacted parties, as required by the HIPAA regulation and associated laws.

JURISDICTION-SPECIFIC NOTICES

A. Your Rights under California Online Protection Act (“CalOPPA”)

We do not support Do Not Track (“DNT”). DNT is a preference you can set in your web browser to inform websites that you do not want to be tracked. You can enable or disable DNT by visiting the Preferences or Settings page of your web browser.

In accordance with CalOPPA, we agree to the following:

• Site users can visit our site anonymously

• Site users will be notified of any privacy policy changes on our Privacy Policy page

• Site users are able to change their personal information (as defined by CalOPPA) by emailing us at legal@noyo.com 

B. Your Rights under the General Data Privacy Regulation (“GDPR”)

If you are a resident of the European Union (EU) and European Economic Area (EEA), GDPR affords you certain rights. These include:

• The right to access, delete, or update the information we have on you

• The right to have your information rectified if that information is incomplete or incorrect

• The right to object to our processing of your data

• The right to request that we restrict the processing of your data

• The right to request a copy of your personal data in machine-readable and commonly used format

• The right to withdraw your consent at any time where we rely on your consent to process your personal information

To exercise any of the above rights, please send a request to legal@noyo.com. We may ask you to verify your identity before responding to such requests.

Additionally, you have the right to complain to a Data Protection Authority about our collection and use of your Personal Data. For more information, please contact your local data protection authority in the European Economic Area (EEA).

C. Your Rights under the California Consumer Privacy Act (“CCPA”) 

If you reside in California, you are afforded certain rights under the CCPA.

Your Rights

1. Right to Know

You have the right to know what personal information we have collected about you, including the categories of personal information, the categories of courses from which the personal information is collected, the business or commercial purpose for collecting, selling or sharing personal information, and the specific pieces of personal information we collected about you. 

2. Right to Access

You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you:

• The categories of personal information we collected about you.

• The categories of sources for the personal information we collected about you.

• Our business or commercial purpose for collecting or sharing that personal information.

• The categories of third parties with whom we share that personal information.

• The specific pieces of personal information we collected about you (also called a data portability request).

• If we sold or disclosed your personal information for a business purpose, two separate lists disclosing: sales, identifying the personal information categories that each category of recipient purchased; and disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.

3. Right to Limit Sharing of Sensitive Personal Information 

You have the right to request that we limit the use and disclosure of your Sensitive Personal Information, subject to certain exceptions. We use your Sensitive Personal Information to perform the services reasonably expected. We may also use your Sensitive Personal Information to ensure the security and integrity of your Personal Information, conduct non-personalized advertising, perform services on behalf of our business, and undertake activities to improve or enhance our services.

4. Your Right to Correct

You have the right to request that we correct any inaccurate personal information, taking into account the nature of the personal information and the purposes of the processing of the personal information. We will use commercially reasonable efforts to correct the inaccurate personal information as you direct, pursuant to § 1798.130 and regulations adopted pursuant to paragraph (8) of subdivision (1) of § 1798.185.

5. Your Right to Delete

California residents have the right to request that we delete personal information that we collect from you, subject to applicable legal exceptions. 

6. Right to Opt-Out of Sale or Sharing of Personal Information

California residents have the right to “opt out” of the “sale”  or “sharing” of your “personal information” to “third parties”. In the past 12 months we have sold the following categories of personal information: NONE

7. Your Right not to receive Discriminatory Treatment

You have a right not to be discriminated or retaliated against for the exercise of your privacy rights under the CCPA.

You may ask us to provide you with what personal information we have collected up to two times in a rolling twelve-month period. When you make this request, the information we provide may be limited to the personal information we collected about you in the previous year.

Please note that Noyo does not sell your personal information and we will not discriminate against you under any circumstances for exercising your rights in connection with the CCPA. To exercise your California data protection rights described above, please send a request to legal@noyo.com.

OUR COMMITMENT TO CHILDREN’S PRIVACY

At Noyo we take children’s privacy very seriously and our Sites and Services are designed for business and not for use by any person under the age of 18 (each, a “Child”). If you are a child under 18 years of age, you are not permitted to use the Service and should not send any information about yourself to us through the Website. If you believe that Noyo may have directly collected Personal Information from a Child under the age of 18 please contact us at legal@noyo.com to let us know.  We’ll work with you to make sure that information is removed from our Site and Services, as applicable.

CHANGES TO THIS PRIVACY STATEMENT

We will update this privacy statement when necessary to reflect changes in our Services, how we use personal information, or the applicable law. When we post changes to the statement, we will change the "Last Updated" date at the top of the statement.  If we make material changes to the statement, we will provide notice or obtain consent regarding such changes as may be required by law. 

HOW TO CONTACT US

If you have a privacy concern or inquiry for Noyo, please contact us at legal@noyo.com or via our address: 18 Bartol Street, #122, San Francisco, CA 94108 USA.