Ovia Health Non-App Privacy Policy

Introduction and scope

This Privacy Policy (“Policy”) describes how Ovuline, Inc., doing business as Ovia Health (“Ovia”) collects, uses and shares personal data collected by Ovia from non-app users, including from job applicants, employees, business contacts, and other individuals who may come into contact with Ovia as part of Ovia’s internal operations, management and administration or through Ovia's corporate website (“Ovia Operations”).

This Policy does not apply to personal data collected from users of the Ovia Fertility, Ovia Pregnancy and Ovia Fertility apps and health coaching services. If you are a user of the Ovia Fertility, Ovia Pregnancy or Ovia Parenting apps, you should review the Ovia Health App Privacy Policy here.

For California residents whose personal data is governed by the California Consumer Privacy Act (“CCPA”), Ovia provides a supplementary CCPA Privacy Policy for employees and job applicants here. The CCPA Privacy Policy describes Ovia’s use and sharing of personal data of California residents using the format specifically required by the CCPA and its regulations.

In this Policy, the term “personal data” refers to information relating to an identified or identifiable individual. The term “you” refers to individuals who come into contact with Ovia.

Personal Data We Collect

We collect personal data from business contacts, job applicants and employees, and others who come into contact with Ovia as part of Ovia Operations. This may include the following:

Where Do We Get Personal Data?

We collect personal data both directly and indirectly.

How and Why Do We Use Personal Data?

We use your personal data for Ovia Operations, including:

Lawful Processing. We collect, use and otherwise process personal data as allowed under applicable law, including where based on one or more of the following:

- The consent you provide to us at the point of collection of your personal information;

- The performance of the contract we have with you;

- The compliance of a legal obligation to which we are subject;

- The legitimate interests of Ovia, you or a third party, where not overridden by your interests, fundamental rights or freedoms. Ovia’s legitimate interests include the lawful conduct of its business.

When Do We Share Personal Data?

We share personal data with vendors and contractors who provide services to us and with third parties as reasonably necessary for Ovia Operations. We enter into agreements with our vendors and contractors that require them to keep all personal data confidential and use it only to provide services to Ovia.

We may also share personal data to comply with law and law enforcement requests, to enforce our legal rights, and to conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Ovia's assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding.

We use Google technology and services to obtain analytics about Ovia’s website. As a result of this, Google obtains and uses certain of your personal data as described here.

What Are Your Choices?

You may opt-out of Ovia marketing emails at any time by using the ‘unsubscribe’ link at the bottom of any Ovia marketing email or by contacting us at support@oviahealth.com.

In addition, privacy, data protection and employment laws may give you other rights with respect to your personal data, including the right to access, correct and delete personal data. Ovia honors any consumer data rights provided by applicable law. You can email Ovia at support@oviahealth.com to exercise these rights. Ovia may require you to verify your identity in order to exercise these rights.

Data Security

Ovia protects personal data with security measures that are consistent with industry standards, including background checks on all employees and data encryption in transit and at rest. We will notify you of security incidents as required by law.

Data Retention

We store personal data for the period that your relationship with Ovia is active and then for a further retention period that (a) for employees and job applicants, reflects our need to keep business records in compliance with law, and (b) for business contacts, reflects the period during which we reasonably anticipate you may remain interested in information about Ovia. After this retention period ends, we delete your data.

How to Contact Ovia?

To contact Ovia to exercise your privacy choices, please see “What Are My Choices?” above.

For questions or complaints about Ovia’s processing of personal data, contact us at:

Legal Department
Ovuline, Inc., dba Ovia Health
308 Congress Street, Floor 6,
Boston, MA 02210

You may also have the legal right to lodge a complaint about Ovia’s data processing with your local consumer protection or data protection authority.

Other Issues

Children: Ovia does not knowingly collect personal data under Ovia Operations from children under 13 (for the US) or from individuals for whom parental consent is required for collection or processing of personal data.

Third Party Websites or Apps: Some Ovia properties may take you to websites or apps that are operated by other companies. Ovia is not responsible for the privacy practices of its advertisers, sponsors or others. You should review the privacy policies of those sites and apps.

Legal requirements: Ovia may provide personal data to courts, law enforcement and governmental authorities if required by law or to protect the rights or property of Ovia or third parties. Ovia may access, use and preserve data to comply with law, in anticipation of litigation, or to protect the rights or property of Ovia or third parties, even if the data is subject to a deletion request from you. We may also provide information to law enforcement or authorities to protect the safety of users of the apps or others.

Sale, merger, or change of ownership: If Ovia Health merges with another company, or its equity securities or all or a part of its assets are sold to a third party, your personal data may be transferred to the buyer or successor entity.

Changes to this Policy

Ovia may modify this Policy from time to time by posting an updated version of the Policy.

Last updated: 7 April, 2021

Employee Privacy Notice for California Residents

Effective Date: 1 January, 2020

Last Reviewed on: 7 April, 2021

This Employee Privacy Notice for California Residents applies solely to all Ovia job applicants and employees who reside in the State of California ("consumers" or "you"). We adopt this notice to comply with the California Consumer Privacy Act of 2018 (CCPA) and any terms defined in the CCPA have the same meaning when used in this notice.

Information We Collect

Ovia collects information from employees that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device ("personal information"). In particular, Ovia collects the following categories of personal information from you:

Category Examples Collected
A. Identifiers. A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver's license number, passport number, or other similar identifiers. Yes.

For example, Ovia may collect your name, email address and Social Security Number and will collect your IP address when you connect to Ovia networks.
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.

Some personal information included in this category may overlap with other categories.

For example, Ovia may collect your name, Social Security Number, address, telephone, bank account for payroll, Ovia health insurance information, education and employment history.
C. Protected classification characteristics under California or federal law. Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). Yes.

For example, Ovia may collect your citizenship or national origin.
D. Commercial information. Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. Yes.

For example, you may claim reimbursement of certain personal expenses under Ovia employee benefit programs and tell Ovia the details of those purchases.
E. Biometric information. Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data. No.
F. Internet or other similar network activity. Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement. Yes.

For example, Ovia may monitor its computers, systems and networks for security purposes.
G. Geolocation data. Physical location or movements. No.
H. Sensory data. Audio, electronic, visual, thermal, olfactory, or similar information. Yes.

For example, Ovia may collect employee photographs in some situations.
I. Professional or employment-related information. Current or past job history or performance evaluations. Yes.

For example, Ovia may collect job history and performance information.
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)). Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. Yes.

For example, Ovia may collect educational history.
K. Inferences drawn from other personal information. Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. Yes.

For example, Ovia may collect information on employee performance and skills.

Personal information does not include:

Ovia obtains the categories of personal information listed above from the following categories of sources:

Sensitive Personal Information We Collect

Ovia collects the following categories of sensitive personal information from employees and job applicants:

Category Description Does Ovia Collect?
Sensitive Identifiers Social security, driver's license, state Identification card, or passport number Yes. For example, Ovia collects social security numbers from employees.
Account Information Account log-In, financial account, debit card, or credit card number In combination with any required security or access code, password, or credentials allowing access to an account Yes. For example, Ovia collects financial account information for payroll purposes.
Geolocation Precise geolocation No.
Race, Beliefs, Union Racial or ethnic origin, religious or philosophical beliefs, or union membership Yes, if the employee chooses to provide this information as part of onboarding.
Content of Communications Contents of a consumer's mall, email and text messages, unless the business Is the Intended recipient of the communication Yes. Ovia collects information transmitted by our company email and messaging systems. Ovia employees have no expectation of privacy in the contents of corporate communication systems including email and Slack.
Genetic Data Genetic Data No.
Biometric Data Biometric Information for the purpose of uniquely identifying a consumer No.
Health Data Information concerning a person’s health No.
Sex Sex life or sexual orientation Yes. Ovia may collect sexual orientation information in the context of family health insurance.

Use of Personal Information

We may use or disclose the personal information and sensitive personal information we collect for one or more of the following purposes:

Ovia will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.

Does Ovia Sell Personal Information or Share for Advertising?

No. While Ovia may disclose employee or job applicant personal information as described in this notice, Ovia does not sell such information or share it for cross-contextual behavioral advertising.

This provision does not apply to restrict Ovia’s use of social media accounts, recruitment advertising on social networks, or job platforms. Use of social media, social networks and job platforms may involve sale or sharing of personal information by the platform operator as described in the privacy policies of the applicable platform.

Retention of Personal Information

Ovia retains employee and job applicant personal information for the length of time that is reasonably necessary to accomplish the purposes disclosed in this notice. Ovia expects to retain employee personal information for 10 years from termination of employment and job applicant personal information for 3 years from completion of the job application process.

Changes to This Privacy Notice

Ovia reserves the right to amend this privacy notice at our discretion and at any time. When we make changes to this privacy notice, we will distribute the updated notice to Ovia employees and update the notice's effective date.

Contact Information

If you have any questions or comments about this notice, the ways in which Ovia collects and uses your information, please do not hesitate to contact us at:

Email: legal@oviahealth.com
Postal Address:
Ovia Health
Attn: Legal Department
308 Congress Street, Level 6
Boston, MA 02210