Privacy Notice For California Residents Under The California Consumer Privacy Act
Last Updated: June 4, 2024
APPLICABILITY: Pursuant with the California Consumer Privacy Act of 2018 as amended and revised by the California Privacy Rights Act of 2020 (collectively “CCPA”), and any other California privacy laws, this CCPA Notice applies to the collection, retention and otherwise processing of Personal Information (as defined below) by Nano-X Imaging Ltd. and its affiliates (collectively, the “Company”) from its Prospects, Customers, End Users and Job Applicants, who are California residents (“consumers” or “you”). This CCPA Notice is an integral part of the Company’s Privacy Policy (“Privacy Policy”), and thus, definitions used herein but not defined herein or under the CCPA shall have the same meaning as defined in the Privacy Policy.
As required under the CCPA, we will update this Privacy Notice every 12 months. The last revision date will be reflected in the “Last Updated” heading located at the top of the CCPA Notice.
PART I: A COMPREHENSIVE DESCRIPTION OF THE INFORMATION PRACTICES:
(A) CATEGORIES OF PERSONAL INFORMATION THE COMPANY COLLECTS
The Company collects Personal Information which is defined under the CCPA as any information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household, or device, all as detailed in the table below, and further includes Sensitive Personal Information (“SPI”) as detailed in the table below.
Personal Information does not include: Publicly available information that is lawfully made available from government records, that a consumer has otherwise made available to the public; de-identified or aggregated consumer information; and such information which is governed by additional legislation, such as: health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPPA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data; Personal Information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA) and the Driver’s Privacy Protection Act of 1994.
The Company has collected the following categories of personal information within the last twelve (12) months:
A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver's license number, passport number, or other similar identifiers.
Yes: Online identifiers, Internet protocol address, unique identifiers, real name and business email address.
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).
A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.
Some personal information included in this category may overlap with other categories.
Yes: A name and telephone number. If and to the extent the Company employees individuals in the State of California, it will also collect information regarding such individuals’ education, employment, employment history, medical information, health insurance information, SSN or other governmental identifying information.
C. Protected classification characteristics under California or federal law.
Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).
D. Commercial information.
Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
E. Biometric information.
Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.
F. Internet or other similar network activity.
Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement.
Yes: Browsing history, search history, information on a consumer's interaction with our website, or advertisement.
Physical location, approximate location derived from IP address or movements.
Yes: Approximate location as derived by the consumer's IP.
Audio, electronic, visual, thermal, olfactory, or similar information.
Yes: we may collect visual recording of our end customers for marketing purposes subject to their consent.
I. Professional or employment-related information.
Current or past job history or performance evaluations.
Yes: If and to the extent the Company employs individuals in the State of California.
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).
Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.
K. Inferences drawn from other personal information.
Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
L. Sensitive personal information.
Government-issued identifying numbers, financial account details, genetic data, precise geolocation, race or ethnicity, religious or philosophical beliefs, union membership, mail, email, text messages, biometric data, health data, and sexual orientation or sex life.
Yes: If and to the extent the Company employes individuals in the State of California, it might collect, pursuant with its internal policies, certain text or email messages obtained through such employees’ Company owned devices.
(B) CATEGORIES OF SOURCES OF PERSONAL INFORMATION
- Automatically – certain Personal Information such as data listed under Category F in the table above, is generated automatically and collected through the use of cookies and similar tracking technologies (such as pixels, tags, agent, etc.). For more information on the cookies we use and how to opt out of third-party collection of this information, please see Section 5 to our Privacy Policy "Cookies and Similar Tracking Technologies".
- Provided by you voluntarily – we will collect information if and when you choose to provide us with the information, such as through contact us form available on the website.
- Provided by your clinic or health care provider which are our Customers – where your health care provider provides you with healthcare services while using our products or services, we will collect certain data on his behalf.
(C) USE OF PERSONAL INFORMATION
The Company may use the Personal Information collected as identified above, for the following purposes:
- To fulfill or meet the reason you provided the information. For example, if you contact us with an inquiry and share your name and contact information, we will use that Personal Information to respond to your inquiry.
- To provide, support, personalize, and develop our website and services therein, as well as improve such services.
- For security and fraud detection purposes, and to maintain the safety, security, and integrity of our website.
- Respond to law enforcement; or otherwise as detailed in the Company’s Privacy Policy.
- To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding.
The Company will not collect additional categories of Personal Information or use the Personal Information the Company collected for materially different, unrelated, or incompatible purposes without providing you notice.
(D) DISCLOSURES OF PERSONAL INFORMATION FOR A BUSINESS PURPOSE
We may disclose your Personal Information to a contractor or service provider for a business purpose. When we disclose Personal Information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract; we further restrict the contractor and service provider from selling or sharing your Personal Information.
In the preceding twelve (12) months, we have disclosed the following categories of Personal Information for a business purpose:
Business Purpose (as defined under CCPA)
Category (corresponding with the table above)
Auditing related to counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance with this specification and other standards.
Advertising networks; data analytics providers; social media networks.
Helping to ensure security and integrity to the extent the use of your Personal Information is reasonably necessary and proportionate for these purposes.
Affiliated companies, operational partner, security and fraud prevention providers, and operating systems.
Debugging to identify and repair errors that impair existing intended functionality
Analytic providers, operational partner, security and fraud prevention providers, operating systems.
Short-term, transient use, such as non-personalized advertising shown as part of your current interaction with us.
Advertising networks; data analytics providers; social media networks.
Performing services on behalf of the business or service provider, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing advertising or marketing services, providing analytic services, or providing similar services on behalf of the business or service provider
Category A
Category F
Category G
Category H
Hosting and server co-location services, communications and content delivery networks, internet service providers, operating systems and platforms, data analytics services, marketing and advertising services, data and cyber security services, fraud detection and prevention services, capital providers, and correspondents, customer engagement services, billing, web analytics, e-mail and SMS distribution and monitoring services, session or activity recording services, remote access services, performance measurement, data optimization services, social and advertising networks, content providers, support and customer relation management systems, service providers that help us verify your identity and help us comply with the Company’s legal and regulatory obligations to screen and monitor transactions; and the Company’s business, legal, tax, financial and compliance advisors.
Undertaking internal research for technological development and demonstration.
Category A
Category F
Category G
Developers, operating systems, cloud and hosting providers, SaaS platforms for task management and development, customer support and optimization tools.
Undertaking activities to verify or maintain the quality or safety of a service or device that is owned, or controlled by the business, and to improve, upgrade, or enhance the service or device that is owned or controlled by the business.
Developers, operating systems, cloud and hosting providers, SaaS platforms for task management and development, customer support and optimization tools.
(E) SALE OR SHARE OF PERSONAL INFORMATION
In the preceding twelve (12) months, we did not “sell” information as most people would commonly understand that term. We do not, and will not, disclose your Personal Information in direct exchange for money or some other form of payment. We may “share” Personal Information for “interest-based advertising” or “cross-context behavioral advertising”. The CCPA defines “sharing” as “communicating orally, in writing, or by electronic or other means, a consumer’s personal information” to “a third party for cross-context behavioral advertising, whether or not for money or other valuable consideration”. In other words, we may share your Personal Information with a third party to help serve personalized content or ads that may be more relevant to your interests, and to perform other advertising-related services such as enabling our partners to serve such personalized content.
Further, as we promote our Service through online campaigns, we place third-party marketing and analytic cookies on our website, sharing the unique identifier with such partners for analytic and marketing purposes may also fall under the definition or “share and sell”, and therefore, we offer the opportunity to opt-out through the cookie setting presented on our website’s footer. For additional information regarding the tracking technologies, we use on our website please review our cookies list presented in the website’s footer.
In the preceding twelve (12) months, we “sell” or “share” the following categories of Personal Information for a business purpose:
Category (corresponding with the table above)
Category A
Category F
Category G
Ad-network, Marketing Cookies, Analytic Cookies.
Share for cross-context behavioral advertising.
(F) CHILDREN UNDER AGE 16
Our services are not intended for children under the age of 16. However, end-users to some of our products and services might be children under the age of 16 and to that extent we might have access to certain Personal Information about a child, only where our customers obtain their legal guardian’s consent. We therefore strongly recommend that if you are a child you will review this CCPA Notice with your legal guardian.
(G) DATA RETENTION
The retention periods are determined according to the following criteria:
(i) For as long as it remains necessary in order to achieve the purpose for which the Personal Information was initially processed. For example: if you contacted us, we will retain your contact information at least until we will address your inquiry.
(ii) To comply with our regulatory obligations.
(iii) To resolve a claim we might have or a dispute with you, including any legal proceeding between us, until such dispute will be resolved, and following, if we find it necessary, in accordance with applicable statutory limitation periods.
Please note that except as required by applicable law, we will not be obligated to retain your data for any particular period, and we may delete it for any reason and at any time, without providing you with prior notice if our intention to do so.
PART II: EXPLANATION OF YOUR RIGHTS UNDER THE CCPA AND HOW TO EXERCISE THEM
(A) YOUR RIGHTS UNDER THE CCPA
If you are a California resident, you may exercise certain privacy rights related to your Personal Information. You may exercise these rights free of charge except as otherwise permitted under applicable law. We may limit our response to your exercise of these privacy rights as permitted under applicable law, all as detailed herein and the in the Data Subject Request ("DSR") form available here.
The right to know what Personal Information the business has collected.
The right to know what Personal Information the business has collected about the consumer, including the categories of Personal Information, the categories of sources from which the Personal Information is collected, the business or commercial purpose for collecting, selling, or sharing Personal Information, the categories of third parties to whom the business discloses Personal Information, and the specific pieces of Personal Information the business has collected about the consumer.
The right to delete Personal Information that the business has collected from the consumer, subject to certain exceptions.
Correct Inaccurate Information
The right to correct inaccurate Personal Information that a business maintains about a consumer
Opt-Out of Sharing for Cross-Contextual Behavioral Advertising
You have the right to opt-out of the “sharing” of your personal information for “cross-contextual behavioral advertising,” often referred to as “interest-based advertising” or “targeted advertising”.
the right to opt-out of the sale or sharing of Personal Information by the business
Limit the Use or Disclosure of SPI
Under certain circumstances, If the business uses or discloses SPI, the right to limit the use or disclosure of SPI by the business.
Opt-Out of the Use of Automated Decision Making
In certain circumstances, you have the right to opt-out of the use of automated decision making in relation to your Personal Information.
The right not to receive discriminatory treatment by the business for the exercise of privacy rights conferred by the CCPA, including an employee’s, applicants, or independent contractor’s right not to be retaliated against for the exercise of their CCPA rights, denying a consumer goods or services, charging different prices or rates for goods or services, providing you a different level or quality of goods or services, etc. We may, however, charge different prices or rates, or provide a different level or quality of goods or services, if that difference is reasonably related to the value provided to us by your Personal Information.
You may request to receive a copy of your Personal Information, including specific pieces of Personal Information, including, where applicable, to obtain a copy of the Personal Information you provided to us in a portable format.
To learn more about your California privacy rights, please visit https://oag.ca.gov/privacy/privacy-laws.
(B) HOW CAN YOU EXERCISE THE RIGHTS?
You may exercise your rights through the DSR form available here. The instructions for submitting, the general description of the process, verification requirements, when applicable, including any information the consumer must provide are all detailed in the DSR form.
Note, certain rights can be done by you independently without using the DSR form. For example, depending on your interaction with us:
(i) you can opt-out from receiving emails from us by clicking the “unsubscribe” link within the email;
(ii) you can the "Do Not Sell or Share My Personal Information" link within the cookies settings on the website in order to opt out from the use of certain cookies;
(iii) we also are able to process the Global Privacy Control preference signals.
(C) AUTHORIZED AGENTS
“Authorized agents” may submit opt out requests on a consumer’s behalf. If you have elected to use an authorized agent, or if you are an authorized agent who would like to submit requests on behalf of a consumer, the following procedures will be required prior to acceptance of any requests by an authorized agent on behalf of a California consumer. Usually, the Company will accept requests from qualified third parties on behalf of other consumers, regardless of either the consumer or the authorized agent’s state of residence, provided that the third party successfully completes the following qualification procedures:
(i) When a consumer uses an authorized agent to submit a request to know or a request to delete, the Company may require that the consumer do the following:
- Provide the authorized agent signed permission to do so or power of attorney.
- Verify their identity directly with the Company.
- Directly confirm with the Company that they provided the authorized agent permission to submit the request.
(ii) The Company may deny a request from an authorized agent that does not submit proof that they have been authorized by the consumer to act on their behalf.
CONTACT US
If you have any questions or concerns regarding privacy issues, or if you wish to be provided with any other information related to our privacy practices, please contact us at:
Nano-X Imaging Ltd.
dpo@nanox.vision
94 Em Hamoshavot Rd. Petah Tikva, 4970602, Israel.
PART III: OTHER CALIFORNIA OBLIGATIONS
Do Not Track Settings: Cal. Bus. And Prof. Code Section 22575 requires us to notify you how the Company deals with the “Do Not Track” settings in your browser. As of the effective date listed above, there is no commonly accepted response for Do Not Track signals initiated by browsers. Therefore, the Company does not respond to the Do Not Track settings. Do Not Track is a privacy preference you can set in your web browser to indicate that you do not want certain information about your web page visits tracked and collected across websites. For more details, including how to turn on Do Not Track, visit: www.donottrack.us.