Ovia Health Non-App Privacy Policy
Introduction and scope
This Privacy Policy (“Policy”) describes how Ovuline, Inc., doing business as Ovia Health (“Ovia”) collects, uses and shares personal data collected by Ovia from non-app users, including from job applicants, employees, business contacts, and other individuals who may come into contact with Ovia as part of Ovia’s internal operations, management and administration or through Ovia's corporate website (“Ovia Operations”).
This Policy does not apply to personal data collected from users of the Ovia Fertility, Ovia Pregnancy and Ovia Fertility apps and health coaching services. If you are a user of the Ovia Fertility, Ovia Pregnancy or Ovia Parenting apps, you should review the Ovia Health App Privacy Policy here.
For California residents whose personal data is governed by the California Consumer Privacy Act (“CCPA”), Ovia provides a supplementary CCPA Privacy Policy for employees and job applicants here. The CCPA Privacy Policy describes Ovia’s use and sharing of personal data of California residents using the format specifically required by the CCPA and its regulations.
In this Policy, the term “personal data” refers to information relating to an identified or identifiable individual. The term “you” refers to individuals who come into contact with Ovia.
Personal Data We Collect
We collect personal data from business contacts, job applicants and employees, and others who come into contact with Ovia as part of Ovia Operations. This may include the following:
- We collect the personal contact information of business contacts, such as name, telephone number, email address, employer, physical address, and social media accounts such as LinkedIn.
- From job applicants, we collect personal contact information, including name, telephone number, email address, employer, physical address, and social media accounts such as LinkedIn, citizenship and national origin, and education and employment history. In addition to the above, we collect Social Security Number and bank account for payroll, and family information needed to provide health insurance and employee benefits, once an employee accepts an offer to join Ovia Health.
- We collect personal data when Ovia or its vendors conduct background checks on employees and job applicants, including information on criminal history, credit, education, employment and evidence of drug use disclosed through drug testing.
- If we identify an individual as a potential recruit but the person does not become a job applicant at Ovia, we may collect from third party sources such as LinkedIn personal data such as name, email address, and education and employment history.
- From employees in the course of their employment and using Ovia’s networks and equipment, we may collect additional personal data including photographs, performance evaluation information, and IP address and online activity information.
Where Do We Get Personal Data?
We collect personal data both directly and indirectly.
- We collect personal data directly from job applicants, employees and business contacts. From job applicants and employees, this occurs as part of the job applicant process. For business contacts, this may occur as part of Ovia’s sales and marketing activities, such as when you attend an Ovia event or webinar, meet Ovia representatives as a trade show or other public event, respond to an Ovia survey, or subscribe to an Ovia email list.
- We also collect information about business contacts, job applicants, employees and potential employees indirectly, from third parties such as LinkedIn and other social networks, the media and business directories.
- We collect information about usage of Ovia’s networks and equipment automatically.
How and Why Do We Use Personal Data?
We use your personal data for Ovia Operations, including:
- Attracting job applicants, and recruiting, hiring and onboarding employees
- Management and training of employees
- Administering payroll, health insurance, 401k and other benefits to employees and their families
- Advertising and marketing Ovia’s services and conducting surveys
- Operating and maintaining the security of Ovia’s products, services, equipment and networks
- To comply with law and law enforcement requests
- To conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Ovia's assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by Ovia about employees is among the assets transferred
Lawful Processing. We collect, use and otherwise process personal data as allowed under applicable law, including where based on one or more of the following:
- The consent you provide to us at the point of collection of your personal information;
- The performance of the contract we have with you;
- The compliance of a legal obligation to which we are subject;
- The legitimate interests of Ovia, you or a third party, where not overridden by your interests, fundamental rights or freedoms. Ovia’s legitimate interests include the lawful conduct of its business.
When Do We Share Personal Data?
We share personal data with vendors and contractors who provide services to us and with third parties as reasonably necessary for Ovia Operations. We enter into agreements with our vendors and contractors that require them to keep all personal data confidential and use it only to provide services to Ovia.
We may also share personal data to comply with law and law enforcement requests, to enforce our legal rights, and to conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Ovia's assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding.
We use Google technology and services to obtain analytics about Ovia’s website. As a result of this, Google obtains and uses certain of your personal data as described here.
What Are Your Choices?
You may opt-out of Ovia marketing emails at any time by using the ‘unsubscribe’ link at the bottom of any Ovia marketing email or by contacting us at support@oviahealth.com.
In addition, privacy, data protection and employment laws may give you other rights with respect to your personal data, including the right to access, correct and delete personal data. Ovia honors any consumer data rights provided by applicable law. You can email Ovia at support@oviahealth.com to exercise these rights. Ovia may require you to verify your identity in order to exercise these rights.
Data Security
Ovia protects personal data with security measures that are consistent with industry standards, including background checks on all employees and data encryption in transit and at rest. We will notify you of security incidents as required by law.
Data Retention
We store personal data for the period that your relationship with Ovia is active and then for a further retention period that (a) for employees and job applicants, reflects our need to keep business records in compliance with law, and (b) for business contacts, reflects the period during which we reasonably anticipate you may remain interested in information about Ovia. After this retention period ends, we delete your data.
How to Contact Ovia?
To contact Ovia to exercise your privacy choices, please see “What Are My Choices?” above.
For questions or complaints about Ovia’s processing of personal data, contact us at:
Legal Department
Ovuline, Inc., dba Ovia Health
308 Congress Street, Floor 6,
Boston, MA 02210
legal@oviahealth.com
You may also have the legal right to lodge a complaint about Ovia’s data processing with your local consumer protection or data protection authority.
Other Issues
Children: Ovia does not knowingly collect personal data under Ovia Operations from children under 13 (for the US) or from individuals for whom parental consent is required for collection or processing of personal data.
Third Party Websites or Apps: Some Ovia properties may take you to websites or apps that are operated by other companies. Ovia is not responsible for the privacy practices of its advertisers, sponsors or others. You should review the privacy policies of those sites and apps.
Legal requirements: Ovia may provide personal data to courts, law enforcement and governmental authorities if required by law or to protect the rights or property of Ovia or third parties. Ovia may access, use and preserve data to comply with law, in anticipation of litigation, or to protect the rights or property of Ovia or third parties, even if the data is subject to a deletion request from you. We may also provide information to law enforcement or authorities to protect the safety of users of the apps or others.
Sale, merger, or change of ownership: If Ovia Health merges with another company, or its equity securities or all or a part of its assets are sold to a third party, your personal data may be transferred to the buyer or successor entity.
Changes to this Policy
Ovia may modify this Policy from time to time by posting an updated version of the Policy.
Last updated: 7 April, 2021
Employee Privacy Notice for California Residents
Effective Date: 1 January, 2020
Last Reviewed on: 7 April, 2021
This Employee Privacy Notice for California Residents applies solely to all Ovia job applicants and employees who reside in the State of California ("consumers" or "you"). We adopt this notice to comply with the California Consumer Privacy Act of 2018 (CCPA) and any terms defined in the CCPA have the same meaning when used in this notice.
Information We Collect
Ovia collects information from employees that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device ("personal information"). In particular, Ovia collects the following categories of personal information from you:
| Category | Examples | Collected |
|---|---|---|
| A. Identifiers. | A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver's license number, passport number, or other similar identifiers. | Yes. For example, Ovia may collect your name, email address and Social Security Number and will collect your IP address when you connect to Ovia networks. |
| B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). | A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories. |
Yes. For example, Ovia may collect your name, Social Security Number, address, telephone, bank account for payroll, Ovia health insurance information, education and employment history. |
| C. Protected classification characteristics under California or federal law. | Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). | Yes. For example, Ovia may collect your citizenship or national origin. |
| D. Commercial information. | Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. | Yes. For example, you may claim reimbursement of certain personal expenses under Ovia employee benefit programs and tell Ovia the details of those purchases. |
| E. Biometric information. | Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data. | No. |
| F. Internet or other similar network activity. | Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement. | Yes. For example, Ovia may monitor its computers, systems and networks for security purposes. |
| G. Geolocation data. | Physical location or movements. | No. |
| H. Sensory data. | Audio, electronic, visual, thermal, olfactory, or similar information. | Yes. For example, Ovia may collect employee photographs in some situations. |
| I. Professional or employment-related information. | Current or past job history or performance evaluations. | Yes. For example, Ovia may collect job history and performance information. |
| J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)). | Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. | Yes. For example, Ovia may collect educational history. |
| K. Inferences drawn from other personal information. | Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. | Yes. For example, Ovia may collect information on employee performance and skills. |
Personal information does not include:
- Publicly available information from government records.
- Deidentified or aggregated consumer information.
- Information excluded from the CCPA's scope, like:
- health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data;
- personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver's Privacy Protection Act of 1994.
Ovia obtains the categories of personal information listed above from the following categories of sources:
- Directly from you.
- Indirectly from you. For example, from LinkedIn, your references, or from your use of Ovia computer systems and networks in connection with your employment.
- From other Ovia employees as part of Ovia performance management.
- From the service providers we use to perform background checks and drug tests in connection for employee screening purposes.
Sensitive Personal Information We Collect
Ovia collects the following categories of sensitive personal information from employees and job applicants:
| Category | Description | Does Ovia Collect? |
|---|---|---|
| Sensitive Identifiers | Social security, driver's license, state Identification card, or passport number | Yes. For example, Ovia collects social security numbers from employees. |
| Account Information | Account log-In, financial account, debit card, or credit card number In combination with any required security or access code, password, or credentials allowing access to an account | Yes. For example, Ovia collects financial account information for payroll purposes. |
| Geolocation | Precise geolocation | No. |
| Race, Beliefs, Union | Racial or ethnic origin, religious or philosophical beliefs, or union membership | Yes, if the employee chooses to provide this information as part of onboarding. |
| Content of Communications | Contents of a consumer's mall, email and text messages, unless the business Is the Intended recipient of the communication | Yes. Ovia collects information transmitted by our company email and messaging systems. Ovia employees have no expectation of privacy in the contents of corporate communication systems including email and Slack. |
| Genetic Data | Genetic Data | No. |
| Biometric Data | Biometric Information for the purpose of uniquely identifying a consumer | No. |
| Health Data | Information concerning a person’s health | No. |
| Sex | Sex life or sexual orientation | Yes. Ovia may collect sexual orientation information in the context of family health insurance. |
Use of Personal Information
We may use or disclose the personal information and sensitive personal information we collect for one or more of the following purposes:
- to conduct employee recruitment, hiring and onboarding;
- to process payroll;
- to administer and maintain group health insurance benefits, 401K retirement plans, and other employee benefits;
- to manage employee performance of their job duties;
- to help maintain the safety, security, and integrity of our products and services, databases and other technology assets, and business;
- for the operation of office productivity software and systems, such as through your use of Google Docs, Slack, and Microsoft Office products;
- for marketing of Ovia products, such as when an employee photograph, interview or biography is featured in Ovia marketing materials;
- to comply with state and federal law requiring employers to maintain certain records;
- to respond to law enforcement requests and as required by applicable law, court order, or governmental regulations;
- for the general management and administration of Ovia; and
- to evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Ovia's assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by Ovia about employees is among the assets transferred.
Ovia will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.
Does Ovia Sell Personal Information or Share for Advertising?
No. While Ovia may disclose employee or job applicant personal information as described in this notice, Ovia does not sell such information or share it for cross-contextual behavioral advertising.
This provision does not apply to restrict Ovia’s use of social media accounts, recruitment advertising on social networks, or job platforms. Use of social media, social networks and job platforms may involve sale or sharing of personal information by the platform operator as described in the privacy policies of the applicable platform.
Retention of Personal Information
Ovia retains employee and job applicant personal information for the length of time that is reasonably necessary to accomplish the purposes disclosed in this notice. Ovia expects to retain employee personal information for 10 years from termination of employment and job applicant personal information for 3 years from completion of the job application process.
Changes to This Privacy Notice
Ovia reserves the right to amend this privacy notice at our discretion and at any time. When we make changes to this privacy notice, we will distribute the updated notice to Ovia employees and update the notice's effective date.
Contact Information
If you have any questions or comments about this notice, the ways in which Ovia collects and uses your information, please do not hesitate to contact us at:
Email: legal@oviahealth.com
Postal Address:
Ovia Health
Attn: Legal Department
308 Congress Street, Level 6
Boston, MA 02210