Privacy Policy

Last Updated: March 8, 2024

California Privacy (see Section 16)
EU/UK Privacy (see Section 18)

CareAR Holdings (“CareAR,” “we,” or “us”) recognizes the importance of data privacy, and this Privacy Policy sets forth the terms and conditions with respect to how we process your personal information. This Privacy Policy describes, among other issues, the types of personal information that we collect, the purposes for which we use it, the types of third parties with whom we share it, and any rights and responsibilities you may have with respect to such personal information.

This Privacy Policy applies to the personal information you provide us when you (i) visit, access, or use any website, mobile application, and online platform that we own, license, or otherwise operate and that links to this Privacy Policy (each, a “Site”), (ii) purchase, access, or use any products, goods, or services through the Site, or (iii) visit our offices or otherwise contact or engage with us. For purposes of this Privacy Policy, the Site and all information, products, goods and services sold or furnished by or to CareAR through a Site shall be referred to collectively as the “Services.”

PLEASE READ THIS PRIVACY POLICY CAREFULLY AS IT DESCRIBES YOUR RIGHTS, RESPONSIBILITIES, AND LIABILITIES. BY ACCESSING OR USING THE SERVICES OR OTHERWISE PROVIDING US WITH PERSONAL INFORMATION, YOU ARE CONSENTING TO THE TERMS OF THIS PRIVACY POLICY AND OUR TERMS & CONDITIONS AND ANY APPLICABLE COOKIE POLICY ON A SITE.

CareAR is headquartered in the United States. For more information on our data transfer practices, please see Section 9 (Data Retention and Localization).

1. Scope
   
   

   This Privacy Policy applies to personal information that CareAR receives during its business operations as a “data controller” - which means we determine the purpose and means of processing such personal information. This Privacy Policy does not apply to the extent CareAR processes personal information as a “data processor” or “service provider” - such as when we process personal information concerning the customers or end-users of our own clients. In these circumstances, CareAR processes personal information in accordance with a data processing agreement, or similar data privacy contractual terms, we have executed with our client (and this Privacy Policy generally does not apply to such processing).

   For purposes of this Privacy Policy, the term “personal information” means any information that, alone or in conjunction with other information or data, identifies or is linked to a particular individual or household and that is subject to, or otherwise afforded protection under, a data protection law, statute, or regulation. The term “personal information” does not include anonymized or de-identified data that is not attributable to a particular individual or household and that is not otherwise subject to a data protection law, statute, or regulation. CareAR may anonymize or de-identify personal information, and such data is not subject to this Privacy Policy, and CareAR may use such data for any purpose.

2. The Types and Categories of Personal Information We Collect
   
   CareAR collects personal information in order to provide our Services, comply with our legal obligations, promote our business interests, and for the other reasons set forth in this Privacy Policy. When you do not provide personal information to CareAR, we may not be able to provide you the Services or to complete a transaction you requested. Generally, we collect the following types and categories of personal information during our business operations:
   

   Personal Information
   Category	Description/Examples
   Personal Identifiers	Identifiers, such as your name, alias, shipping address, email address, account name, telephone number, customer identification number.
   Registration Data	Information provided when you register for an account to use the Site, including usernames and passwords.
   Demographic Data	Data about you such as your country of residence and preferred language.
   Payment Data	Data necessary to confirm that your payment has been processed by our third-party payment processor.
   Online Identifiers (For more information, see “Collection of Technical/Online Data” below)	Persistent identifiers that can be used to recognize you or your device over time and across different services, including a device identifier, an Internet Protocol (IP) address, cookies, beacons, pixel tags, mobile ad identifiers, and similar technology.
   Commercial Information	Records of the Services you purchased, obtained, or considered, or your other purchasing or consuming histories or tendencies with respect to our Services.
   Business Contact Data	Information related to employees, owners, directors, officers, or contractors of a third-party organization (e.g., business, company, partnership, sole proprietorship, nonprofit, or government agency) with whom we conduct, or possibly conduct, business activities.
   Marketing and Communications Data	Information with respect to your marketing preferences and your subscriptions to our publications and alerts.
   Internet and Electronic Network Data	Data pertaining to your access or use of the Site, including browsing history, search history, and information regarding your interaction with the Site or advertisements embedded on the Site or other third-party websites, and information derived from any device that connects to our WiFi services.
   Your Feedback	Information you provide about our Services, which may include data gathered from any CareAR surveys or reviews submitted by you.
   Visitor Information	Information an individual provides when visiting any physical location or premises of CareAR (e.g., visitor logs and registries, vehicle and parking information).
   Video and Images	In some circumstances, you may provide us images (e.g., your use of a product) or we may record you via a video camera (e.g., on-premises security systems) or through video teleconferencing.
   Geolocation Data	We may collect data about your location, which may be either precise or imprecise. Precise location data can be obtained through Global Navigation Satellite System data, as well as through nearby cell towers and Wi-Fi hotspots when you enable location-based products or features. Imprecise location data includes, for example, a location derived from your device or data that indicates where you are located with less precision, such as an internet protocol (IP) address or a city or postal code.
   Professional or Employment Data (For more information, see “Employment Applications and Talent Management” below)	If you apply for a job with CareAR, we collect information set forth in a résumé, curriculum vitae, cover letter, and similar documentation, including contact details, employment history, skills, or qualifications, education-level, job compensation and benefit preferences, criminal record, credit history and similar data, and information provided about or by your references.
   Inferences	Inferences drawn from some of the personal information categories identified herein and used to create a consumer profile reflecting your purchasing and marketing preferences, characteristics, and behavior.
   Product-Related Data	During use of CareAR-produced products on a mobile device, we may receive and record data from your mobile device and network connection including the device model identifier, operating system identification, network signaling, IP Address, date and time the product is used, profile photo, performance of the product, feature use, and GPS coordinates (at user’s discretion). When you install a mobile CareAR application, you will be asked to grant access to your mobile device’s notifications, camera, microphone. Your permission for the product to access these features is needed for the product to function properly. When you grant such permission, we may collect information about your usage of these features. We will also ask you to grant access to your contacts to facilitate your use of the product and only then we will use that information to enable you and your contact to use the Service. CareAR-produced products are not intended for the capture or collection of video representations of individual human subjects. However, our products cannot prevent users from capturing video images of human subjects along with other video data they capture.

3. Collection of Technical/Online Data
   
   In addition, when you access the Site, we collect certain data automatically using technical means and tools. This data relates to your device, as well as your experience on the Site and other websites, including the following:

   Usage and Device Data. When you access and use the Site, we automatically collect details of your access to and use of the Site, including traffic data, usage logs and other communication data, and the resources that you access and use on or through the Site (e.g., browsing history, search history). We may also collect information about your device and internet connection, including the device’s unique identifier (e.g., device type, IMEI, Wi-Fi MAC, IP address), operating system, browser type, and mobile network information. The Site may collect “diagnostic” data related to your use of the Site, such as crash data and logs, performance data (e.g., launch time, hang rate, or energy use), and any other data collected for the purposes of measuring technical diagnostics.

   Cookies and Tracking Data; Social Media. We use “cookies” and other tracking technologies within the Site. A cookie is a small file placed on your smartphone or other device. It may be possible to refuse to accept cookies by activating the appropriate setting on your smartphone or device. However, if you select this setting, some parts of the Site may become inaccessible or not function properly. In addition, the Site may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit us to analyze data on your use of the Site (e.g., recording the popularity of certain content and verifying system and server integrity). The Site may collect data about the advertisements you have seen or engaged. For more information, see, where available, the Cookie Policy on each Site. From time to time, we may use on our Site certain third-party cookies and pixels provided by our marketing partners, including social media companies. To the extent we use such third-party cookies and pixels, you hereby agree to the terms and conditions set forth by those third parties, which may include Meta, X (formerly Twitter), TikTok, and LinkedIn, among others.

   Site Monitoring. Please be aware that we, and our service providers and partners, use cookies and other tracking technologies within the Site to monitor and record Internet and Electronic Network Data, any and all communications to, from, and on, the Site. For the avoidance of doubt, you hereby acknowledge, agree, and consent to, such monitoring and recording by us and our service providers and partners. Notwithstanding the foregoing, this clause shall not require CareAR from having to monitor and record any such activity.

   Non-Cookie Technologies. We may deploy on our Site certain types of “Non-Cookie Technologies” provided by our service providers to support our digital advertising programs. These technologies often include browser cache, locally stored objects, or the creation of a statistical identifier wherein an identifier, much like a cookie identifier, is calculated based on the characteristics of a browser or device that distinguishes it from other browsers or devices. These identifiers are calculated either from the data your browser or device shares automatically or with additional data specifically requested from your browser or device. For more information, see [here].

4. Sources of Information
   
   

   We collect personal information from the following sources:

   • First Party / Direct Collection. We collect personal information directly from you when you use our Services (e.g., registering accounts, completing purchases, signing up for subscriptions), when you provide a Product Review (as defined below), or whenever you directly engage with us, such as when you visit our offices or premises or otherwise contact us.
   • Automated Collection. As described above, we may collect information and data, such as usage data and cookies, through automated means when you use the Site (see “Technical Data” above).
   • Third-Party Sources. We also obtain data from third parties. These third-party sources vary over time, but they are sources deemed credible by us and may be publicly available or available on a commercial basis. They can include: data brokers from which we purchase demographic data to supplement the data we collect; partners with whom we offer branded products or engage in joint marketing activities; fraud prevention agencies or credit reporting agencies in connection with credit determinations, if applicable; publicly available sources such as open government databases or other data in the public domain; social networking providers; advertising companies; and third-party references. If you purchase our products from our distributors and business partners, we may receive certain information about your purchase from them.
5. How We Use your Information / Purpose of Collection
   
   

   We may use the personal information we collect about you in order to perform our Services, comply with our legal obligations, and promote our business interests. Please see below for more information on how we use personal information:

   
   

   How We Use Personal Information
   Provide, operate, maintain, improve, and promote our Services.
   Enable you to access and use our Services.
   Process and complete transactions, and send you related information, including purchase confirmations and invoices.
   Send you messages and communications related to our Services (e.g., responses to your comments, questions, and requests, customer services).
   Furnish technical notices, updates, security alerts, and support and administrative messages to you about our Services.
   Provide you promotional and marketing communications (e.g., information about our Services, features, surveys, newsletters, offers, promotions, contests, and events).
   Process and deliver contest or sweepstakes entries and rewards.
   Monitor and analyze trends, usage, and activities in connection with our Services to promote our business interests.
   Investigate and prevent fraudulent transactions, unauthorized access to or use of our Services, and other illegal activities.
   Personalize our Services, including providing features or advertisements that match your interests and preferences.
   CareAR may collect and use your personal information for any other purpose for which we obtain your consent.

   For the avoidance of doubt, you hereby agree that CareAR may contact you via any means, including via SMS/text message and email (including through the use of autodialing systems and services), to furnish you information regarding a product order, shipping status, warranty-related information, and similar data and information pertaining to a commercial transaction.

6. Sharing Information / Third-Party Disclosures
   

   We may share your personal information with certain organizations and third parties in accordance with applicable law, including as set out below. However, we do not share personal information with third parties that we have reason to believe use such information for their own direct marketing purposes.

   Intra-Group Transfers.We share personal information to our parent organization, and to and among CareAR affiliates and subsidiaries, to efficiently manage the operation of our business.

   Service Providers. We may share your personal information with companies that provide services on our behalf, such as hosting and analyzing the Site, conducting surveys and marketing on our behalf, processing transactions, tracking and responding to consumer questions or complaints, and performing analyses to improve the quality of our Services.

   Payment Card Transactions. All payments for purchases made through the Site are completed using a third-party vendor’s online payment system. CareAR does not have access to your credit card information and does not store or disclose your full credit card information. Any personal or financial information you provide to our online payment system is subject to the third party’s privacy policy and terms of use, and we recommend you review these policies before providing any personal or financial information.

   Distributors and Business Partners. We may share your personal information with third parties that distribute our goods, products, and marketing materials.

   Business Restructuring. Circumstances may arise where, for strategic or other business reasons, CareAR decides to sell, buy, divest, merge or otherwise reorganize our businesses. We may disclose your personal information to the extent reasonably necessary to proceed with the negotiation or with the completion of a merger, acquisition, divestiture or sale of all or a portion of CareAR’s assets.

   Legal; Compliance; Legitimate Interests. We may disclose personal information (i) if required by law or government order, or with a legal process, (ii) to protect and defend our rights or property, or (iii) in urgent circumstances, to protect the health and personal safety of any individual. In addition, CareAR may disclose your personal information with any third party when we believe such disclosure is necessary to defend or protect our legal, regulatory, or business interests. We may also disclose your information upon your express consent.

   Consent. In addition to the reasons for disclosure set forth herein, we may also disclose your personal information upon your consent.

   In the event that you facilitate a transaction with CareAR, or request information from or otherwise engage with us, and such activities require CareAR to share your personal information with a service provider or other third party, you hereby consent to such disclosure and/or direct CareAR to intentionally disclose your personal information to the service provider or third party.

7. Social Media / Platform Data Rights
   
   

   We may engage with you on various social media platforms (e.g., Facebook, Twitter, Pinterest, Instagram). If you contact us on a social media platform for customer support or for other reasons, we may contact you via the social media’s direct message tools. Those communications to and from us are governed by this Privacy Policy. However, your use of a social media platform is also subject to the policies and terms of the relevant social media platform. Certain social media platforms may also automatically provide us with your personal information, and the information we receive will depend on the terms that govern your use of the social media platform(s) and any privacy settings you may have set. The Site includes social media features and widgets (e.g., the “Facebook Like” button, the “Share This” button) or interactive mini-programs that run on the Site. These features may collect your IP address and which Site page you are accessing and may set a cookie to enable the feature to function properly. Social media features and widgets are either hosted by a third party or hosted directly on the Site. Your interactions with these features are governed by the privacy statement of the relevant social media platform that provides them.

   According to the terms and conditions governing certain social media platforms, you may request that the information, data, or other content we obtain from or through the social media platform (“Platform Data”) be deleted or modified. If you would like Platform Data related to you deleted or modified, please contact us in accordance with the “Contact Us” section below and identify (i) the social media platform at issue and (ii) the Platform Data that you would like deleted and/or modified, and if modified, the modification to said Platform Data. We may also delete Platform Data if requested by the social media platform.

8. Links to Other Websites; Your Direct Third-Party Disclosures
   
   

   As a resource to you, the Site may include links to third-party websites or provide you the opportunity to disclose information directly to third parties. Our Privacy Policy does not apply to such third-party websites or organizations. You assume all privacy, security, and other risks associated with providing any data, including personal information, to third parties via the Services. For a description of the privacy protections associated with providing information to third parties, you should refer to the privacy statements, if any, provided by those third parties. Video Links. We may include videos and similar media players on our Site. When you click on such a video or media player on our Site, (i) you may be redirected to a third party’s website to play the video, or (2) the video may play on our Site, although this functionality may be supported by a third party’s website or technology (e.g., YouTube, YouTube API, Vimeo). In any such case, by playing the videos or similar media players, you shall become subject to the third party’s terms and conditions, including, but not limited to, its terms of service and personal information privacy policies and practices, including the terms governing YouTube and Vimeo.

9. Data Retention and Localization
   
   

   The period during which we retain your personal information varies depending on the purpose for the data processing. For example, we retain personal information for as long as needed to provide you with our Services, to facilitate transactions you have requested, to comply with our legal obligations (e.g., tax filings, export control laws), to engage in marketing activities, and for as long as is necessary to defend our legal or business interests. In all other cases, we retain your personal information for as long as is needed to fulfill the purposes outlined in this Privacy Policy.

   CareAR is based in the United States, and the personal information that we collect and process is retained and stored in the United States, among other jurisdictions. CareAR uses service providers that store personal information on our behalf in the United States and in other countries where you may not be a resident. Please be aware that the United States, and these other countries, may not provide the same level of protection of personal information as in your country, state, or other jurisdiction of residence or nationality, and when transferred to the United States or elsewhere, your personal information may be accessible by, or otherwise made available to, local government authorities and officials pursuant to judicial and/or administrative orders, decrees, and demands, and/or other domestic laws, statutes, and regulations. CareAR does not participate in the U.S. Data Protection Framework. By continuing to provide us such information, you hereby acknowledge and agree that your personal information will be transferred to, and stored in, the United States and in the countries where our service providers are located.

10. Security
    
    

    We seek to protect the security of your personal information and use a variety of security technologies and procedures to help protect your personal information from unauthorized access, use, or disclosure. HOWEVER, NO INFORMATION SYSTEM CAN BE FULLY SECURE, AND WE CANNOT GUARANTEE THE ABSOLUTE SECURITY OF YOUR PERSONAL INFORMATION. MOREOVER, WE ARE NOT RESPONSIBLE FOR THE SECURITY OF PERSONAL INFORMATION YOU TRANSMIT TO THE SITE AND/OR THE SERVICES OVER NETWORKS THAT WE DO NOT CONTROL, INCLUDING THE INTERNET AND WIRELESS NETWORKS, AND YOU PROVIDE US WITH ANY PERSONAL INFORMATION AND DATA AT YOUR OWN RISK. TO THE EXTENT PERMITTED BY LAW, WE SHALL NOT BE LIABLE OR OTHERWISE RESPONSIBLE FOR ANY DATA INCIDENT OR EVENT THAT MAY COMPROMISE THE CONFIDENTIALITY, INTEGRITY, OR SECURITY OF YOUR PERSONAL INFORMATION CAUSED BY A THIRD PARTY. The safety and security of your personal information also depends on you. Where we have given you (or where you have chosen) a username and password to access our Services, you are responsible for maintaining the security and confidentiality of those credentials and not revealing them to others. You must contact us immediately (and in any event within twenty-four (24) hours) if you have reason to believe that your username or password to our Services has been compromised. You acknowledge and agree that we may contact you via email or other electronic communications in the event we are legally required to notify you of a data security incident or event related to your personal information.

11. No Data Collected from Children
    
    

    The Site is not directed at, nor intended for use by, children. As a result, if you are under the age of legal majority in the jurisdiction in which you reside, then you are prohibited from accessing or using the Services (including the Site) or from providing us with your personal information.

12. Publicly Posted Information; Product Reviews
    
    

    You may, from time to time, have the ability to submit via the Site a comment on, provide an opinion about, rate, or otherwise discuss our Services (a “Product Review”). In other circumstances, you may directly provide us feedback, ideas, suggestions and/or contributions on our business, our business sector, or the Services (“Feedback”). Any information or content you post in a Product Review or in your Feedback may be available to other users of the Site (and our social media platforms) and may be retrievable by third-party search engines, and third parties may also be able to download or share your Product Review and Feedback to social media websites or elsewhere. We recommend that you guard your privacy and anonymity and not upload any information in your Product Review and Feedback that you wish to remain confidential. Any third party with access to your information via the Site will be permitted to use the information in the same manner as if you submitted the information directly to that third party. Publicly posting any information on the Site is entirely voluntary on your part, and we recommend you carefully consider the information you choose to make publicly available. As between you and CareAR, any and all Product Reviews and Feedback shall be considered our confidential and proprietary information, and CareAR has the right to use, publish, and disclose such Product Reviews and Feedback in any manner we choose and to display, perform, copy, make, have made, use, sell, and otherwise dispose of CareAR’s and our sub-licensees’ products or services embodying such Product Reviews and Feedback in any manner and via any media we choose, without reference to the source. CareAR shall be entitled to use Product Reviews and Feedback for any purpose without restriction or remuneration of any kind with respect to you and/or your representatives.

13. Your Responsibilities
    
    

    You are permitted, and hereby agree, to only provide personal information to CareAR if such personal information is accurate, reliable, and relevant to our relationship and only to the extent such disclosure will not violate any applicable data protection law, statute, or regulation or infringe upon a person’s data privacy rights or privileges. IF YOU PROVIDE PERSONAL INFORMATION (INCLUDING PERSONAL INFORMATION CONCERNING A THIRD PARTY) TO CAREAR, YOU EXPRESSLY REPRESENT AND WARRANT TO CAREAR THAT YOU HAVE THE FULL RIGHT AND AUTHORITY TO PROVIDE CAREAR WITH SUCH PERSONAL INFORMATION (INCLUDING PERSONAL INFORMATION CONCERNING A THIRD PARTY) AND THAT CAREAR’S USE AND PROCESSING OF SUCH PERSONAL INFORMATION AS SET FORTH HEREIN WILL NOT VIOLATE ANY PERSON’S RIGHTS OR PRIVILEGES, INCLUDING RIGHTS TO PRIVACY. YOU HEREBY AGREE TO FULLY AND COMPLETELY INDEMNIFY CAREAR FOR ANY CLAIMS, HARM, OR DAMAGES THAT MAY ARISE FROM YOUR PROVISION OF PERSONAL INFORMATION (INCLUDING PERSONAL INFORMATION CONCERNING A THIRD PARTY) TO CAREAR. YOU ARE PROHIBITED FROM PROVIDING US WITH “CONSUMER HEALTH DATA” OR SIMILAR HEALTH INFORMATION.

14. Updating Your Information

    It is important that the personal information that you provide to us is accurate and reliable. In certain circumstances, you may have the ability to directly edit your account to update and change your personal information (e.g., name, telephone number, email, shipping address), and you must do so when such changes are warranted. If our Site does not provide these capabilities, then you must write to us in accordance with the Contact Us section below so we can update our records.

15. Canada Privacy Rights
    
    

    Personal information will be collected, stored, used and/or processed by CareAR in accordance with this Privacy Policy and CareAR’s obligations under applicable Canadian privacy laws. Pursuant to these Canadian laws, you have a right to request access to your personal information and to request that inaccurate personal information be corrected. If you have submitted personal information to us and would like to have access to it, or have it corrected, please contact us in accordance with the “Contact Us” section listed below. When requesting access to, or correction of, your personal information, we will require that you verify our request via email, and we will request specific data from you to enable us to confirm the authenticity of the request and your identity, and to enable us to search our records and databases. We may charge you a fee to access your personal information, provided that we advise you of any such fee in advance. Your right to access personal information is not absolute, and we may not be able to allow you to access certain personal information in certain circumstances (e.g., if the information contains personal information of other persons or it is subject to legal privilege). In the event that we cannot provide you with access to, or the ability to correct, your personal information, we will use reasonable means to inform you of the reasons why, subject to any legal or regulatory restrictions. To delete your name from our electronic contact lists (text or email), please contact us in accordance with the “Contact Us” section listed below.

16. U.S. State Privacy Rights (California Privacy Rights)
    
    

    Data Privacy Rights.Pursuant to the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (“CCPA"), California residents are entitled to certain data privacy rights:

    • Right to Know (Specific Pieces of Personal Information). You have the right to know the specific pieces of your personal information that we have collected about you.
    • Right to Know (Categories of Personal Information). You have the right to know (i) the categories of personal information we have collected from you; (ii) the categories of sources from which the personal information is collected; (iii) the categories of your personal information we have sold or disclosed for a business purpose; (iv) the categories of third parties to whom your personal information was sold or disclosed for a business purpose; and (v) the business or commercial purpose for collecting or selling your personal information.
    • Right to Delete. You have the right to request that we delete your personal information that we have collected and retain.
    • Right to Correct. You have the right to request that we correct inaccurate personal information that we have collected and retain.
    • Nondiscrimination. You have the right not to be subject to discrimination for asserting your rights under the CCPA.

    Submit a Privacy Request. To submit a privacy request, you (or your authorized agent) may contact us in accordance with the “Contact Us” section listed below. However, any such authorized agent must be registered with the California Secretary of State to conduct business in California.

    Privacy Request Verification Process. If you (or your authorized agent) make any request related to your personal information, CareAR will ascertain your identity (and the identity of the authorized agent, to the extent applicable) to the degree of certainty required or permitted under the law before addressing your request. In particular, CareAR will, to the extent required or permitted by law, require you (or your authorized agent) to verify your request via email, request certain contact information or government identifiers, and we will match at least two pieces of such personal information with data that we have previously collected from you before granting you access to, erasing, or correcting, specific pieces or categories of personal information, or otherwise responding to your request. We may require written documentation that demonstrates a third party is authorized to serve as your agent for the purposes of submitting the requests set forth herein, unless you have provided the authorized agent with power of attorney pursuant to California Probate Code §§ 4121 to 4130. None of the CCPA’s rights are absolute, and such rights are subject to legal and regulatory exceptions and exemptions. For more information about the CCPA, please see: https://oag.ca.gov/privacy/ccpa.

    Opt-Out Rights / Do Not Sell My Personal Information. California residents have the right to opt out of the “sale” of their personal information. However, CareAR does not sell your personal information to third parties for profit or monetary or other valuable consideration, and therefore we do not provide opt-out request processes for the sale of personal information (because we do not undertake such activities).

    Opt-Out Rights / Do Not Share My Personal Information. California residents have the right to opt out of the “sharing” of their personal information. CareAR uses third-party analytical and targeted advertising features on our Site and similar web tools provided by our marketing partners, and such features, tools and marketing relationships involve the disclosure of your personal information to third parties and may constitute the “sharing” of your personal information for CCPA purposes. To opt out of this sharing of your personal information in these circumstances, please click on the cookie management tool (sometimes visible as a “Your Privacy Choices” or a “Do Not Sell/Share My Personal Information” link on the footer of the Site) to set your cookie preferences. You, or your authorized agent, may also contact us in accordance with the “Contact Us” section listed below.

    Children. The Site is not directed at, and should not be used by, minors under the age of sixteen (16), and therefore CareAR does not knowingly sell or share the personal information of minors under sixteen (16) years of age.

    Limit Use of Sensitive Personal Information. CareAR does not use or disclose sensitive personal information for reasons other than those set forth in the CCPA, and therefore we do not provide individuals with the ability to limit how we use or disclose such sensitive personal information.

17. U.S. State Privacy Rights (General)
    
    

    Data Privacy Rights. Pursuant to certain U.S. state privacy laws (e.g., Colorado, Connecticut, Montana, Oregon, Utah, Virginia), you may have the following privacy rights with respect to your personal information:

    • To confirm whether or not we are processing your personal information and access such personal information. • To correct inaccuracies in your personal information, taking into account the nature of the personal information and the purposes of the processing of your personal information.
    • To delete personal information provided by, or obtained about, you.
    • To obtain a copy of your personal information processed by us, in a portable and, to the extent technically feasible, readily usable format that allows you to transmit the data to another entity without hindrance.

    Submit a Privacy Request. To submit these abovementioned privacy requests, please contact us in accordance with the “Contact Us” section below. Where permitted by U.S. state law, you may designate an authorized agent to submit a privacy request on your behalf.

    Privacy Request Verification Process. If you make any request related to your personal information, CareAR will ascertain your identity (and the identity of the authorized agent, to the extent applicable) to the degree of certainty required or permitted under the law before addressing your request. In particular, before granting you access to, erasing, or correcting, specific pieces or categories of personal information or otherwise responding to your request, CareAR will, to the extent required or permitted by law, (i) require you (or your authorized agent) to verify your request via email, (ii) request certain contact information or government identifiers, and (iii) match at least two pieces of such personal information with data that we have previously collected from you. None of your privacy rights are absolute, and such rights are subject to exceptions and exemptions.

    Privacy Requests Appeals Process. If you would like to appeal a decision CareAR has made with respect to your privacy request, please email us in accordance with the “Contact Us” section listed below, with the subject line “ATTN: Privacy Appeals,” and describe the nature of your request, and the reason for requesting an appellate review.

    Opt-Out Rights / The Sale of Personal Information. You may have the right to opt out of the “sale” of their personal information. However, CareAR does not sell your personal information to third parties for monetary consideration or other valuable consideration, and therefore we do not provide opt-out request processes for the sale of personal information (because we do not undertake such activities). Nevada residents may submit a request directing us to not sell personal information we maintain about them to third parties who will sell or license their personal information to others. If you would like to exercise this right (even though we do not sell or license personal information), please contact us in accordance with the “Contact Us” section listed below.

    Opt-Out Rights / Targeted Advertising. You may have the right to opt out of having your personal information used for targeted advertising purposes. CareAR uses third-party analytical and targeted advertising features on our Site and similar web tools provided by our marketing partners. To opt out of this sharing of your personal information in these circumstances, please click on the cookie management tool (sometimes visible as a “Your Privacy Choices” link) on the footer of the Site to set your cookie preferences.

    Opt-Out Rights / Profiling. You may have the right to opt out of having their personal information used for profiling in furtherance of decisions that produce legal or similarly significant effects. However, CareAR does not engage in such activities.

    Complaints. You may file a complaint about our data processing activities with your local authorities, which may include the following:

    • The Colorado Attorney General at: https://coag.gov/file-complaint/.
    • The Connecticut Attorney General at: https://portal.ct.gov/DCP/Complaint-Center/Consumers---Complaint-Center.
    • The Montana Attorney General at: https://dojmt.gov/consumer/.
    • The Nevada Attorney General at https://ag.nv.gov/Complaints/File_Complaint/.
    • The Oregon Attorney General at: https://www.doj.state.or.us/consumer-protection/contact-us/.
    • The Texas Attorney General at: https://www.texasattorneygeneral.gov/consumer-protection.
    • The Virginia Attorney General at https://www.oag.state.va.us/contact-us/contact-info.
18. European/UK Privacy Rights
    
    

    Data Privacy Rights.For individuals in the European Economic Area (EEA), Switzerland, and the United Kingdom (UK), you are entitled to the following privacy rights:

    • Right to Know. You may have the right to know about what personal information CareAR collects and processes about you, including the types of personal information we collect and process, the sources of such personal information, our retention criteria, with whom we share your personal information, cross-border data transfers, and how to file complaints and inquiries.
    • Access Rights. You may have the right to ask us whether we process any of your personal information and, if so, receive access to such personal information. When complying with an access request, we will also provide you with additional information, such as the purposes of the processing, the categories of personal information concerned as well as any other information necessary for you to exercise the essence of this right.
    • Rectification. You may have the right to have your personal information corrected/rectified in case of inaccuracy or incompleteness. Upon request, we will correct inaccurate personal information about you and, taking into account the purposes of the processing, update any incomplete personal information, which may include the provision of a supplementary statement.
    • Erasure. You may have the right to have your personal information erased, which means the deletion of your personal information by us. However, your right to erasure is subject to statutory limits and prerequisites (e.g., where your personal information is no longer necessary in relation to the initial purposes for which it was processed, your personal information was processed unlawfully).
    • Restriction of Processing. You may have the right to obtain the restriction of the processing of your personal information, which means that we suspend the processing of your personal information for a certain period of time. Circumstances which may give rise to this right include situations where the accuracy of your personal information is contested but we need time to verify the inaccuracy (if any) of your personal information.
    • Data Portability. You may have the right to request we provide you with your personal information in a structured, commonly used and machine-readable format and to have such data transmitted directly to another controller, where technically feasible.
    • Right to Object. You may have the right to object to the processing of your personal information, which means you may request we no longer process your personal information. This only applies in case the “legitimate interests” ground (including profiling) constitutes the legal basis for processing (see below “Legal Basis for Processing”). However, at any time (and free of charge) you can object to having your personal information processed for direct marketing purposes.
    • Automated Decision Making. You may have the right to object to having us use your personal information to conduct automated decision making. However, CareAR does not engage in any activity that subjects our customers, website users, survey participants, or others to a decision based solely on automated processing, including profiling, which produces legal effects, or similarly significant results, impacting them.
    • Withdrawing Consent. You also may withdraw your consent at any time if we are solely relying on your consent for the processing of your personal information. However, this will not impact our legal basis to process such personal information prior to the withdrawal of your consent.

    Submit a Privacy Request. To submit these abovementioned privacy requests, please contact us in accordance with the “Contact Us” section below. You may designate an authorized agent to submit a privacy request on your behalf.

    Privacy Request Verification Process. If you make any request related to your personal information, CareAR will ascertain your identity (and the identity of the authorized agent, to the extent applicable) to the degree of certainty required or permitted under the law before addressing your request. In particular, before granting you access to, erasing, or correcting, specific pieces or categories of personal information or otherwise responding to your request, CareAR will, to the extent required or permitted by law, (i) require you (or your authorized agent) to verify your request via email, (ii) request certain contact information or government identifiers, and (iii) match at least two pieces of such personal information with data that we have previously collected from you. None of your privacy rights are absolute, and such rights are subject to exceptions and exemptions.

    Legal Basis for Processing. For purposes of the European Union (EU)/UK General Data Protection Regulation, we can collect and process your data under one of the following legal bases:

    • Consent. We can collect and process your data with your consent. For example, if you have given your consent to receiving marketing material from us at the point we collected your information.
    • Contractual Obligations. We need your personal information to comply with our contractual obligations. For example, if you have subscribed to one of our services, we use your personal information to fulfill, and deliver that service to you.
    • Legal Compliance. If the law requires us to, we may need to collect and process your data.
    • Legitimate interest. We may use your data as required in the normal course of operating our businesses and services unless our legitimate interests are overridden by your rights.
    • Vital interests. We may need to process your personal information if the processing is necessary to protect your vital interests (for example, health and safety reasons if you attend a meeting at a CareAR location).

    Complaints. Depending on applicable law, you may have the right to submit a complaint to a data protection authority responsible for overseeing our compliance with data protection law in your jurisdiction. Please see a list of potentially applicable regulatory authorities:

    • For data protection authorities in the EU, please see here: https://edpb.europa.eu/about-edpb/about-edpb/members_en.
    • For the data protection authority in Switzerland, please contact the Federal Data Protection and Information Commissioner (https://www.edoeb.admin.ch/edoeb/en/home.html).
    • For the data protection authority in the UK, please contact the Information Commissioner’s Office (www.ico.org.uk).

    We would, however, appreciate the opportunity to address your concerns, so please feel free to contact us regarding any complaint you may have. We will not discriminate against individuals for exercising their data privacy rights or filing a privacy complaint.

    • Marketing Preferences
      
      

      You may, at any time, opt out from receiving marketing emails from us. To opt out from such marketing, please use the “unsubscribe” or “preference” features within our email communications, contact us in accordance with the “Contact Us” section below, or use our Preference Center.

    • Do-Not-Track Signals
      
      

      Some web browsers may transmit “do-not-track” signals to the website with which the user communicates. Because of differences in how web browsers incorporate and activate this feature, it is not always clear whether users intend for these signals to be transmitted, or whether they are even aware of them. Unless otherwise required by law, we currently do not take action in response to these signals.

    • Persons with Disabilities
      
      

      CareAR strives to ensure that every person has access to information related to our Services, including this Privacy Policy. Please contact us if you would like this Privacy Policy provided in an alternative format, and we will seek to meet your needs.

    • Rewards Programs and Financial Incentives
      
      

      We may collect and use personal information, including personal information provided by a third party (e.g., refer-a-friend program), to administer and maintain our financial incentive, rewards, and loyalty programs (“Rewards Programs”). We use the personal information you provide in these programs to verify your identity, offer unique rewards, track your program status, and facilitate the exchange of program points for products, promotional materials, training workshops, and other items. If you consent to participate in any of our Rewards Programs, you may withdraw that consent at any time by contacting us in accordance with the “Contact Us” section listed below or in accordance with the instructions set forth in the applicable Rewards Program’s terms and conditions. CareAR may use personal information gathered from, or related to, participants in our Rewards Programs for any other purpose or in any other manner set forth in this Privacy Policy.

      California Rewards Program Rights. Pursuant to the CCPA, you may be entitled to be informed as to why financial incentive programs, or price or service differences, are permitted under the law, including (i) a good-faith estimate of the value of your personal information that forms the basis for offering the financial incentive or price or service difference, and (ii) a description of the method we used to calculate the value of your personal information. Generally, we do not assign monetary or other value to personal information. However, in the event we are required by law to assign such value in the context of Rewards Programs, or price or service differences, we have valued the personal information collected and used as being equal to the value of the discount or financial incentive provided, and the calculation of the value is based upon a practical and good-faith effort often involving (i) the categories of personal information collected (e.g., names, email addresses), (ii) the transferability of such personal information for us and our Rewards Programs, (iii) the discounted price offered, (iv) the volume of consumers enrolled in our Rewards Programs, and (v) the product or service to which the Rewards Programs, or price or service differences, apply. The disclosure of the value described herein is not intended to waive, nor should it be interpreted as a waiver to, our proprietary or business confidential information, including trade secrets, and does not constitute any representation with regard to generally accepted accounting principles or financial accounting standards.

    • Employment Applications and Talent Management

      As part of our recruitment and talent management process, we collect personal information with respect to individuals who are interested in working for us. In this context, we collect employment and application data, such as the following: contact information (e.g., name, title, residential or postal address, telephone number, and personal email address); information in a curriculum vitae, résumé, cover letter, or similar documentation; details regarding the type of employment sought, willingness to relocate, job compensation and benefit preferences; health data (e.g., medical conditions); information related to your background, education, criminal record, credit history and similar data; information provided about or by your references or other third parties related to your employment history, skills, qualifications, or education; and information related to previous applications to us or previous employment history with us. When permitted by law, we may collect information about your race and ethnicity to assist with our diversity and inclusion programs.

      We use this information for the following purposes: to identify and evaluate job applicants; to verify your information; to complete employment, education, background and reference checks; to communicate with you about the recruitment process and your application; to comply with our legal, judicial, regulatory, administrative, or other corporate requirements; to analyze and improve our application and recruitment process; to accommodate individuals who may have specialized needs during the employment process; and to protect the rights, interests, and property of our business, other job applicants, employees, or the public, as required, or permitted, by law.

      We share this personal information with third parties (see “Sharing Information / Third-Party Disclosures”), and we may also use this employment and application data for any other purpose set forth in this Privacy Policy. Please see above for any privacy rights you may have with respect to this personal information.

    • Events and Video Teleconferencing

      CareAR hosts and uses video teleconferencing platforms to facilitate conferences, meetings, training events, and other programs. We often use online platforms that are owned and administered by a third-party service provider (e.g., MS Teams, Google, Zoom, WebEx, Skype for Business). Please be aware that our video teleconferencing may record the content, conversations, and discussions thereon, and such records may be stored or retained by our third-party service providers. By participating in our events and video teleconferencing, you hereby consent to the collection and retention of any information provided therein, and you hereby consent to the recording of such activities.

    • Changes to the Policy

      We reserve the right to amend this Privacy Policy at any time. We will notify you if this Privacy Policy is amended by updating the “Last Updated” section listed above. It is your responsibility to periodically review the Privacy Policy to determine whether any amendments have been made hereto. Your use of the Services, and continued use of the Services after any amendments are made to this Privacy Policy, signifies your consent to this Privacy Policy and any amendments hereto. We may, in our sole discretion, provide you communications, including via email or text messages, about changes to our Privacy Policy; however, such communications do not abrogate or otherwise limit your responsibility to periodically review the Privacy Policy to determine whether any amendments have been made hereto.

    • Contact Us If you have questions regarding this Privacy Policy or our handling of your personal information, would like to request more information from us, or would like to exercise a data privacy right, please contact us (mail) CareAR Holdings, Attn: Compliance Department – Privacy, 201 Merritt 7, Norwalk, CT 06851-1056 or (email) CareARPrivacy@carear.com.