ARMRA Privacy Policy
Last Updated: May 24, 2024
This Privacy Policy applies to the processing of personal information by Rahal Biosciences, Inc. d/b/a ARMRA (“ARMRA,” “we,” “us,” or “our”) including on our website available at https://tryarmra.com/ and our other online or offline offerings which link to, or are otherwise subject to, this Privacy Policy (collectively, the “Services”).
This Privacy Policy does not apply to any third-party websites, services, or applications, even if they are accessible through the Services.
Disclosure Regarding the California Consumer Privacy Act (Notice at Collection). For information on our processing of personal information that is subject to the California Consumer Privacy Act (“CCPA”), please see Annex A – Supplemental CCPA Privacy Policy.
Disclosure Regarding the Supplemental Consumer Health Data Privacy Policy. For information on our processing of “consumer health data” that is subject to the Washington My Health My Data Act or Nevada Senate Bill 370, please see Annex B – Supplemental Consumer Health Data Privacy Policy.
ANNEX A – SUPPLEMENTAL CCPA PRIVACY POLICY
ANNEX B – SUPPLEMENTAL CONSUMER HEALTH DATA PRIVACY POLICY
ANNEX C – CONSUMER HEALTH DATA AUTHORIZATION
We may update this Privacy Policy from time to time in our sole discretion. If we do, we’ll let you know by posting the updated Privacy Policy on our website, and/or we may also send other communications.
We collect personal information that you provide to us, personal information we collect automatically when you use the Services, and personal information from third-party sources, as described below.
We may collect personal information that you provide to us.
We may collect personal information automatically when you use the Services.
See “Your Privacy Choices and Rights” below to understand your choices regarding these Technologies.
We may collect personal information about you from third parties. For example, if you access the Services using a Third-Party Service (defined below), we may collect personal information about you from that Third-Party Service that you have made available via your privacy settings. In addition, users of the Services may upload or otherwise provide personal information about others including via referral features.
We use personal information for a variety of business purposes, including to provide the Services, for administrative purposes, and to provide you with marketing materials, as described below.
We use personal information to fulfill our contract with you and provide the Services, such as:
We use personal information for various administrative purposes, such as:
We may use personal information to tailor and provide you with marketing and other content. We may provide you with these materials as permitted by applicable law.
Some of our marketing activities may be considered a “sale” or “targeted advertising” under applicable privacy laws.
If you have any questions about our marketing practices, you may contact us at any time as set forth in “Contact Us” below.
We may use personal information for other purposes that are clearly disclosed to you at the time you provide personal information, with your consent, or as otherwise directed by you.
We may engage in automated decision making, including profiling. ARMRA’s processing of your personal information will not result in a decision based solely on automated processing that has a legal or other similarly significant effect on you unless such a decision is necessary as part of a contract we have with you, we have your consent, or we are permitted by law to engage in such automated decision making.
If you have questions about our automated decision making, you may contact us as set forth in “Contact Us” below.
We disclose personal information to third parties for a variety of business purposes, including to provide the Services, to protect us or others, or in the event of a major business transaction such as a merger, sale, or asset transfer, as described below.
We may disclose any of the personal information we collect to the categories of third parties described below.
Our service providers, and their third-party providers, may use personal information they process to provide us with services to build and improve their machine learning and artificial intelligence models.
Any personal information shared with a Third-Party Service will be subject to the Third- Party Service’s privacy policy. We are not responsible for the processing of personal information by Third-Party Services.
Once your personal information is shared with our business partner, it will also be subject to our business partner’s privacy policy. We are not responsible for the processing of personal information by our business partners.
Some of the advertising Technologies we may use include:
We may also share personal information with advertising partners to carry out other advertising activities that do not rely on the use of Technologies. For example, we may share personal information with advertising partners for custom audiences advertising, to participate in data co-op programs, or to send postal mailers.
We may access, preserve, and disclose any information we store associated with you to external parties if we, in good faith, believe doing so is required or appropriate to: comply with law enforcement or national security requests and legal process, such as a court order or subpoena; protect your, our, or others’ rights, property, or safety; enforce our policies or contracts; collect amounts owed to us; or assist with an investigation or prosecution of suspected or actual illegal activity.
If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, receivership, purchase or sale of assets, transition of service to another provider, or other similar corporate transaction, your personal information may be disclosed, sold, or transferred as part of such a transaction.
Your Privacy Choices. The privacy choices you may have about your personal information are described below.
Please note that cookie-based opt-outs are not effective on mobile applications. However, you may opt-out of certain tracking on some mobile applications by following the instructions for Android, iOS, and others.
The online advertising industry also provides mechanisms that may allow you to opt out of receiving targeted ads from organizations that participate in self-regulatory programs. To learn more, visit the Network Advertising Initiative, the Digital Advertising Alliance, and the European Digital Advertising Alliance.
Please note you must separately opt out in each browser and on each device.
Your Privacy Rights. In accordance with applicable law, you may have the right to:
If you would like to exercise any of these rights, please contact us as set forth in “Contact Us” below, or for certain rights, click here. We will process such requests in accordance with applicable laws.
Only you, or someone legally authorized to act on your behalf in certain jurisdictions, may make a request to exercise the rights listed above regarding your personal information. If your personal information is subject to a law that allows an authorized agent to act on your behalf in exercising your privacy rights and you wish to designate an authorized agent, please provide written authorization signed by you and your designated agent using the information found in “Contact Us” below and ask us for additional instructions.
To protect your privacy, we will take steps to verify your identity before fulfilling requests submitted under applicable privacy laws. These steps may involve asking you to provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative. Examples of our verification process may include asking you to confirm the email address we have associated with you.
Some laws may allow you to appeal our decision if we decline to process your request. If applicable laws grant you an appeal right, and you would like to appeal our decision with respect to your request, you may do so by informing us of this and providing us with information supporting your appeal.
If your personal information is subject to the applicable data protection laws of the European Economic Area or the United Kingdom, you have the right to lodge a complaint with the competent supervisory authority if you believe our processing of your personal information violates applicable law.
All personal information processed by us may be transferred, processed, and stored anywhere in the world, including, but not limited to, the United States or other countries, which may have data protection laws that are different from the laws where you live.
These countries may or may not have adequate data protection laws as defined by the data protection authority in your country. While outside of your jurisdiction of residence, personal information will be subject to local foreign laws, which may permit government and national security agencies to access your information in certain circumstances.
If we transfer personal information from the European Economic Area, Switzerland, and/or the United Kingdom to a country that does not provide an adequate level of protection under applicable data protection laws, one of the safeguards we may use to support such transfer is the EU Standard Contractual Clauses.
For more information about the safeguards we use for international transfers of your personal information, please contact us as set forth below.
We store the personal information we collect as described in this Privacy Policy for as long as you use the Services, or as necessary to fulfill the purpose(s) for which it was collected, provide the Services, resolve disputes, establish legal defenses, conduct audits, pursue legitimate business purposes, enforce our agreements, and comply with applicable laws.
To determine the appropriate retention period for personal information, we may consider applicable legal requirements, the amount, nature, and sensitivity of the personal information, certain risk factors, the purposes for which we process your personal information, and whether we can achieve those purposes through other means.
This Supplemental Notice for EU/UK GDPR only applies to our processing of personal information that is subject to the EU or UK General Data Protection Regulation.
ARMRA’s processing of your personal information may be supported by one or more of the following lawful bases:
Privacy Policy Section |
Lawful Basis: Performance of a Contract (i.e., to provide the Services to you) |
Lawful Basis: Legitimate Interest |
Lawful Basis: Consent |
Lawful Basis: For Compliance with Legal Obligations |
Section 3A: Provide the Services |
✔ |
✔ |
✔ |
✔ |
Section 3B: Administrative Purposes |
✔ |
✔ |
✔ |
✔ |
Section 3C: Marketing |
✔ |
✔ |
||
Section 3D: With Your Consent or Direction |
✔ |
✔ |
✔ |
|
Section 3E: Automated Decision Making |
✔ |
✔ |
✔ |
✔ |
The Services are not directed to children under 16 (or other age as required by local law outside the United States), and we do not knowingly collect personal information from children.
If you are a parent or guardian and believe your child has uploaded personal information to the Services in violation of applicable law, you may contact us as described in “Contact Us” below.
The Services may contain links to other websites/applications and other websites/applications may reference or link to our Services. These third-party services are not controlled by us. We encourage our users to read the privacy policies of each website and application with which they interact. We do not endorse, screen, or approve, and are not responsible for, the privacy practices or content of such other websites or applications. Providing personal information to third-party websites or applications is at your own risk.
ARMRA is the controller of the personal information we process under this Privacy Policy.
If you have any questions about our privacy practices or this Privacy Policy, please contact us at: inquiry@tryarmra.com.
To exercise your rights as detailed in this Privacy Policy, please contact us at: help@tryarmra.com or, for certain rights, click here.
Toll-Free Phone Number: 1 (866) 479-9084ANNEX A – SUPPLEMENTAL CCPA PRIVACY Policy
This Supplemental CCPA Privacy Policy supplements our Privacy Policy and only applies to our processing of personal information that is subject to the CCPA.
Notice at Collection
At or before the time of collection, California residents have a right to receive notice of our privacy practices. California residents can find this information below.
CATEGORIES OF SOURCES FROM WHICH PERSONAL INFORMATION IS COLLECTED
We collect personal information that you provide to us, personal information we collect automatically when you use the Services, and personal information from third-party sources.
Overview of Personal Information Collected, Disclosed, sold, and/or shared
The CCPA provides California residents with the right to know what categories of personal information ARMRA has collected about them, whether ARMRA disclosed that personal information for a business purpose (e.g., to a service provider), whether ARMRA “sold” that personal information, and whether ARMRA “shared” that personal information for “cross-context behavioral advertising” in the preceding twelve months. California residents can find this information below:
Category of Personal Information Collected by ARMRA |
Category of Third Parties To Whom Personal Information is Disclosed to for a Business Purpose |
Category of Third Parties To Whom Personal Information is Sold and/or Shared |
Identifiers |
|
|
Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)) |
|
N/A |
Protected classification characteristics under California or federal law |
|
N/A |
Commercial information |
|
|
Biometric information |
|
N/A |
Internet or other electronic network activity |
|
|
Professional or employment-related information |
|
N/A |
Inferences drawn from other personal information to create a profile about a consumer |
|
|
Personal information that reveals a consumer’s account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account |
|
N/A |
Personal information that reveals the contents of a consumer’s mail, email, and text messages unlessARMRA is the intended recipient of the communication |
|
|
Personal information collected and analyzed concerning a consumer’s health |
|
N/A |
USES OF PERSONAL INFORMATION
We may use and disclose the personal information that we collect for the following business and commercial purposes:
RIGHT TO OPT Out of “Sales” of Personal Information and/or “Sharing” for “Cross-Context Behavioral Advertising”
We “sell” your personal information or “share” your personal information for “cross-contextual behavioral advertising” to help provide you with advertising about ARMRA’s products and services.
California residents have the right to opt out of the “sale” of personal information and the “sharing” of personal information for “cross-context behavioral advertising.” California residents may exercise these rights by following the instructions posted here.
Disclosure Regarding Individuals Under the Age of 16
ARMRA does not have actual knowledge of any “sale” of personal information of minors under 16 years of age. ARMRA does not have actual knowledge of any “sharing” of personal information of minors under 16 years of age for “cross-context behavioral advertising.”
Disclosure Regarding Sensitive Personal Information
ARMRA only uses and discloses sensitive personal information for the following purposes:
Non-Discrimination
California residents have the right not to receive discriminatory treatment by us for the exercise of their rights conferred by the CCPA.
NOTICE OF FINANCIAL INCENTIVE
This Notice of Financial Incentives is to inform you about any programs, benefits, and other financial incentive offerings, including price or service differences (collectively, “Incentive Offerings”), that we may provide in connection with the collection of your personal information so that you may make an informed decision on whether to participate in our Incentive Offerings. Such Incentive Offerings may be deemed “financial incentives” under the CCPA.
The material aspects of any Incentive Offering, along with the personal information collected in connection with an Incentive Offering, will be described at the time you are presented with the Incentive Offering.
Examples of our Incentive Offerings may include:
You can opt-in to an Incentive Offering by following the instructions that accompany the presentation of the Incentive Offering. If you subsequently wish to withdraw from the Incentive Offering, you may request such withdrawal by contacting us as set forth in “Contact Us” above.
Each Incentive Offering may be based upon our reasonable and good-faith determination of the estimated value of such offer to our business, taking into consideration the value of the offer itself and the anticipated revenue generation that may be realized.
ANNEX B – Supplemental Consumer Health Data Privacy POLICY
This Supplemental Consumer Health Data Privacy Policy (“Consumer Health Data Privacy Policy”) supplements the ARMRA Privacy Policy. This Consumer Health Data Privacy Policy only applies to personal information that we process that is “consumer health data” subject to the Washington My Health My Data Act (“MHMDA”) or Nevada Senate Bill 370 (“NV SB 370”) (as applicable).
Terms used in this Consumer Health Data Privacy Policy that are defined in MHMDA or NV SB 370 will have the meaning set forth in those laws to the extent such laws are applicable.
Under the MHMDA, “consumer health data” is defined as “personal information that is linked or reasonably linkable to a consumer and that identifies the consumer's past, present, or future physical or mental health status.”
Under NV SB 370, “consumer health data” is defined as “personally identifiable information that is linked or reasonably capable of being linked to a consumer and that a regulated entity uses to identify the past, present or future health status of the consumer.”
Because consumer health data is defined very broadly, many of the categories of personal information that we collect under our Privacy Policy may also be considered consumer health data.
Examples of consumer health data that you may provide to us, or that we may otherwise collect, may include:
We collect consumer health data that you provide to us, consumer health data we collect automatically when you use the Services, and consumer health data from third-party sources, as described in our Privacy Policy and below.
We collect and use consumer health data for the purposes and in the manner described in the “How We Use Personal Information” section of the Privacy Policy.
Primarily, we collect and use consumer health data as reasonably necessary to provide you with the products or Services you have requested or authorized. This may include delivering and operating the products or Services and their features, personalization of certain product or Services features, ensuring the secure and reliable operation of the products or Services and the systems that support them, troubleshooting and improving the products and Services, and other essential business operations that support the provision of the products and Services (such as analyzing our performance and meeting our legal obligations).
We may also use consumer health data for other purposes for which we give you choices and/or obtain your consent as required by law.
We may share each of the categories of consumer health data described above for the purposes described above and in the “How We Use Personal Information” section of the Privacy Policy. In particular, we may share consumer health data with your consent or as reasonably necessary to complete any transaction or provide any product or Service you have requested or authorized, as described above.
We may share consumer health data with the categories of third parties listed in the “How We Disclose Personal Information” section of the Privacy Policy.
MHMDA and NV SB 370 provide consumers with certain rights with respect to consumer health data.
Under MHMDA, consumers have the right to: (i) confirm whether ARMRA is collecting, sharing, or selling consumer health data and to access such data; (ii) withdraw consent from ARMRA’s collection and sharing of consumer health data; and (iii) request that ARMRA delete consumer health data.
Under NV SB 370, consumers have the right to: (i) confirm whether ARMRA is collecting, sharing or selling consumer health data; (ii) have ARMRA provide the consumer with a list of all third parties with whom ARMRA has shared consumer health data relating to the consumer or to whom ARMRA has sold such consumer health data; (iii) request that ARMRA cease collecting, sharing, or selling consumer health data relating to the consumer; and (iv) request that ARMRA delete consumer health data.
The rights afforded to consumers under MHMDA and NV SB 370 are subject to certain exceptions.
You can request to exercise such rights by following the instructions found under the “Your Privacy Choices and Rights” section of the Privacy Policy.
If your request to exercise a right under MHMDA or NV SB 370 is denied, you may appeal that decision by contacting us at: help@tryarmra.com.
If your appeal is unsuccessful and your consumer health data is subject to MHMDA, you can raise a concern or lodge a complaint with the Washington State Attorney General at www.atg.wa.gov/file-complaint.
This section only applies to our processing of consumer health data that is subject to NV SB 370.
When you visit ARMRA’s websites or online services, we may allow third parties to collect consumer health data via Technologies that they may use over time and across different Internet websites or online services.
For more details, see “How We Disclose Personal Information” > “Advertising Partners” in the Privacy Policy.
We may update this Consumer Health Data Privacy Policy from time to time in our sole discretion. If we do, we’ll let you know by posting the updated Consumer Health Data Privacy Policy on our website, and/or we may also send other communications.
ANNEX C – CONSUMER HEALTH DATA AUTHORIZATION
This Consumer Health Data Authorization only applies to personal information that we process that is “consumer health data” subject to the Washington My Health My Data Act (“MHMDA”) or Nevada Senate Bill 370 (“NV SB 370”) (as applicable).
If you opt-in to “personalize marketing” via the ARMRA cookie banner, you authorize ARMRA to sell your consumer health data as described below:
Email: help@tryarmra.com
The purchaser of your consumer health data may redisclose the consumer health data sold under this authorization and such data may no longer be protected by the MHMDA and/or NV SB 370.
You may revoke this authorization at any time by using the ARMRA cookie banner. To do so, uncheck the box next to the words “personalize marketing” in the cookie banner and click “Save my choices”. You may also click “Decline all.”
Please note that this will not impact consumer health data that has been previously sold. In addition, if you use different browsers or devices, you must indicate your choices again on each browser/device used to access ARMRA’s website.
If you have any questions about how to revoke your authorization, please contact help@tryarmra.com.
The provision of goods or services may not be conditioned upon you signing this authorization.
This authorization will expire one year after you sign it.