This section applies to residents of Colorado, Connecticut, Maryland, Nebraska, New Jersey, Nevada, Texas, and Washington and supplements the main body of this Privacy Notice pursuant to the applicable privacy laws of those states.
Depending on your state of residence, you may have some or all of the following rights regarding your personal data:
Right to Access. You may request confirmation of whether we process your personal data and, if so, request a copy of that data in a portable, machine-readable format where technically feasible.
Right to Correct. You may request that we correct inaccurate personal data we hold about you.
Right to Delete. You may request that we delete personal data we have collected from you, subject to certain exceptions permitted by applicable law.
Right to Opt Out of Sale, Targeted Advertising, and Profiling. You may opt out of the sale of your personal data, the use of your personal data for targeted advertising, and profiling in furtherance of decisions that produce legal or similarly significant effects. To exercise this right, contact us at privacy@healthmatch.io or broadcast a Global Privacy Control (GPC) signal from a supported browser, which we honour for residents of states where required by law.
Right to Non-Discrimination. We will not retaliate against you for exercising any of these rights.
Right to Appeal. If we decline your request, you may appeal by emailing privacy@healthmatch.io with the subject line "Privacy Rights Appeal." If your appeal is denied, we will provide information on how to contact your state's Attorney General.
To submit a request, email privacy@healthmatch.io. We will respond within the timeframe required by your state's law, which is generally 45 days from receipt of a verified request, extendable where permitted. We will verify your identity before processing.
Health and medical information is sensitive personal data under all of the state laws covered by this supplement. Where required by applicable law, we obtain your consent before collecting or processing your sensitive personal data.
Colorado and New Jersey. We are subject to the Colorado Privacy Act and the New Jersey Data Protection Act. We honour GPC signals as valid opt-out requests, and no cure period is available under either law.
Maryland. We are prohibited under the Maryland Online Data Privacy Act from processing sensitive personal data — including health information — for targeted advertising purposes. This is an outright prohibition, not an opt-out right. We are also required to limit data collection to what is reasonably necessary for the purposes described in this Privacy Notice. No cure period is available.
Texas. We allow Texas residents to opt out of the sale of personal data and targeted advertising, and we honour GPC signals as required under the TDPSA. Health information is additionally protected under the Texas Medical Records Privacy Act, which requires us to obtain explicit authorisation before sharing your health or medical information with third parties.
Washington. We are required under the Washington My Health My Data Act to obtain your affirmative authorisation before collecting, sharing, or selling your consumer health data. You have the right to request a list of all third parties to whom your health data has been disclosed, and Washington residents have a private right of action for violations of the MHMDA.
Nevada. We allow Nevada residents to opt out of the sale of personal data under Nevada SB 220, and to consent to or decline the collection and sharing of consumer health data under Nevada SB 370. We honour GPC signals as valid opt-out requests.
Connecticut. We allow Connecticut residents to opt out of targeted advertising, sale, and profiling through a universal opt-out mechanism, including GPC signals.
Nebraska. We provide Nebraska residents with rights to access, correct, delete, and obtain a portable copy of personal data, and to opt out of sale and targeted advertising under the Nebraska Data Privacy Act.