Privacy policy
Last updated: April 1, 2021
​
Nua Group is committed to protecting your privacy. This Privacy Policy explains our practices regarding the collection, use, disclosure and protection of information that we process in connection with www.nuahr.com and our consulting services (collectively the “Services”). This Privacy Policy doesn’t apply to any third-party websites, services or applications, even if they are accessible through www.nuahr.com (the “Site”). Please note that all capitalized words used in this Privacy Policy have the same meanings as in our Terms and Conditions. By using the Site, you acknowledge that you have read and understand Nua Group’s Privacy Policy. You can download a pdf copy of this Privacy Policy here.
Revisions to this Privacy Policy
Any information that is collected though the Services are covered by the Privacy Policy in effect at the time such information is collected. Nua Group may revise this Privacy Policy from time to time. If Nua Group makes any changes to this Privacy Policy, Nua Group will post those changes to the Site. Any such changes will be effective immediately upon being posted, unless otherwise stated in the change. Nua Group will update the “Last updated” date above to indicate the date on which the most recent changes to the Privacy Policy became effective.
​
​
1. SCOPE
This Privacy Policy describes the information that we collect (directly or indirectly) and why we collect it, what we do with the information we collect and how you can manage your Personal Data (defined below).
Nua Group is the controller of the Personal Data collected through the Services. Any questions or concerns regarding Nua Group’s privacy and data protection practices can be directed to our Data Protection Lead at privacy@nuahr.com.
For information regarding Nua Group’s processing of Protected Health Information, please see our Protected Health Information Policy.
​
2. INFORMATION WE COLLECT
“Personal Data” is information that directly or indirectly identifies you. Below are some examples of the Personal Data we may collect through the Services:
-
Identifiers. A real name, alias, postal address, unique personal identifier, photos, online identifier, Internet Protocol address, email address, account name, or other similar identifiers.
-
Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)) (“Consumer Records”). A name, signature, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories.
-
Protected classification characteristics under California or federal law. Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).
-
Internet or other similar network activity. Such as browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.
-
Geolocation data. Such as physical location or movements.
-
Professional or employment-related information. Current or past job history or performance evaluations.
-
Inferences drawn from other personal information. Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
​
3. HOW WE COLLECT INFORMATION
​
We collect information as follows.​
​
-
When you use the Services: We may ask for contact information such as your name, address, telephone number, email address, contact preferences, employer/company, and information related to our Services. We collect this information so that we may: keep you informed about Nua Group, respond to your inquiries, and provide you with information about our products and Services.
-
When we perform consulting services. We may request and receive Identifiers, Consumer Records, Protected classification characteristics, and other information. We collect and use this information to perform the consulting services we have been contracted to perform for you or your employer. Your employer shares healthcare and health insurance information with us pursuant to a Business Associate Agreement. We may also receive some information from third-party service providers of your employer.
-
When you request information from us. We collect Identifiers and other information when you request more information from us or join our mailing list. We may also receive such information with you when you attend a conference in which we are participating.
-
When you apply for employment. We collect Identifiers, Professional or employment-related information, and other information. We use this information to evaluate you for employment with Nua Group.
-
Through Server Logs: A server log is a list of the activities that a server performs. Nua Group’s servers automatically collect and store in server logs your search queries, Internet Protocol (IP) address, browser type, browser language, the date and time of your request and referral URL and certain cookies that identify your browser or Nua Group account.
-
From Your Computer, Tablet or Mobile Telephone: We collect information about your computer, tablet or mobile telephone (“Device”), such as model, operating system version, mobile network information, telephone number, internet service provider and similar identifiers. Nua Group may associate your Device information with your Nua Group account. We may collect and store information (including Personal Data) on your Device through browser web and web application data caches. We may collect information from sensors that provide Nua Group with information on nearby devices, Bluetooth address, Wi-Fi access points and information made available by you or others that indicates the current or prior location of the user. We also may collect IP address and MAC address. How we collect this data depends on how you access the Services. Certain Services may collect this data even when you are not actively using the Services.
-
Cookies and Similar Technologies: Nua Group uses cookies (small, often encrypted, text files that are stored on your computer or mobile device) and similar technologies (“Cookies”) to provide the Services and help collect data. Our Cookies procedure in Section 4 below explains how we use Cookies to collect information about the way you use the Services and how you can control them.
4. Cookies & Similar Technologies
How We Use Cookies
We use Cookies to track how you use the Services by providing usage statistics. Cookies are also used to allow product authentication to you based upon your browsing history and previous visits to the Services. Information supplied to us using cookies helps us to provide a better online experience to our visitors and users and send marketing communications to them, as the case may be.
While this information on its own may not constitute your “personal data”, we may combine the information we collect via Cookies with personal data that we have collected from you to learn more about how you use the Services to improve them.
Types of Cookies
We use both session cookies (which expire once you close your web browser) and persistent cookies (which stay on your device until you delete them). To make it easier for you to understand why we need them, the Cookies we use on the Services can be grouped into the following categories:
-
Essential: These Cookies are necessary for the Services to work properly. They include any essential authentication and authorization cookies for the Services.
-
Functional: These Cookies enable technical performance and allow us to “remember” the choices you make while browsing the Services, including any preferences you set. They also include sign-in and authentication cookies and IDs that enable you to return without additional sign-in.
-
Performance/Analytics: These Cookies allow us to collect certain information about how you navigate the Services or utilize the Products running on your device. They help us understand which areas you use and what we can do to improve them.
-
Marketing and Customer Support: These Cookies are used to deliver relevant information related to the Services to an identified machine or other device (not a named or otherwise identifiable person) which has previously been used to visit the Services. Some of these types of Cookies on the Services are operated by third parties with our permission and are used to identify advertising sources that are effectively driving customers to the Services.
Here is a representative list of the cookies we use.
​
​
Cookies Set by Third Party Sites
To enhance our content and to deliver a better online experience for our users, we sometimes embed images and videos from other websites on the Services. We currently use, and may in future use content from websites such as Facebook, LinkedIn and Twitter. You may be presented with Cookies from these third-party websites. Please note that we do not control these Cookies. The privacy practices of these third parties will be governed by the third parties’ own privacy statements or policies. We are not responsible for the security or privacy of any information collected by these third parties, using cookies or other means. You should consult and review the relevant third-party privacy statement or policy for information on how these cookies are used and how you can control them.
We also use Google, a third-party analytics provider, to collect information about Services usage and the users of the Services, including demographic and interest-level information. Google uses cookies in order to collect demographic and interest-level information and usage information from users that visit the Services, including information about the pages where users enter and exit the Services and what pages users view on the Services, time spent, browser, operating system, and IP address. Cookies allow Google to recognize a user when a user visits the Services and when the user visits other websites. Google uses the information it collects from the Services and other websites to share with us and other website operators’ information about users including age range, gender, geographic regions, general interests, and details about devices used to visit websites and purchase items. We do not link information we receive from Google with any of your personally identifiable information. For more information regarding Google’s use of cookies, and collection and use of information, see the Google Privacy Policy (available at https://policies.google.com/privacy?hl=en). If you would like to opt out of Google Analytics tracking, please visit the Google Analytics Opt-out Browser Add-on (available at https://tools.google.com/dlpage/gaoptout).
Other Similar Technologies
Nua Group web pages may use other technologies such as web beacons to help deliver cookies on the Services and count users who have visited those websites. We also may include web beacons in our promotional email messages or newsletters to determine whether you open and act on them as well as for statistical purposes.
In addition to standard cookies and web beacons, the Services can also use other similar technologies to store and read data files on your computer. This is typically done to maintain your preferences or to improve speed and performance by storing certain files locally.
How to Control and Delete Cookies
Cookies can be controlled, blocked or restricted through your web browser settings. Information on how to do this can be found within the Help section of your browser. All Cookies are browser specific. Therefore, if you use multiple browsers or devices to access websites, you will need to manage your cookie preferences across these environments.
If you are using a mobile device to access the Services, you will need to refer to your instruction manual or other help/settings resource to find out how you can control cookies on your device.
Please note: If you restrict, disable or block any or all Cookies from your web browser or mobile or other device, the Services may not operate properly, and you may not have access to the Services available through the Services. Nua Group shall not be liable for any impossibility to use the Services or degraded functioning thereof, where such are caused by your settings and choices regarding cookies.
To learn more about cookies and web beacons, visit www.allaboutcookies.org.
Do Not Track: Do-not-track (or “DNT”) is a weber browser setting that requests that a web application disable its tracking of an individual user. When such a setting is turned on, then your computer’s browser sends special signals to plug-in providers, advertising networks, websites, companies that perform website analytics services or capabilities, or other web platforms or services, etc. to stop tracking your internet activity. Nua Group does not use technology which recognizes any DNT signals sent by your browser. If such technology is available by virtue of our email service or website platform, we are neither aware of it, nor utilize it. You should know that you can also opt out of internet based advertising by installing a plug-in for your browser. Such plug-ins are available from third parties.
​
5. HOW WE PROCESS PERSONAL DATA
We will only use your Personal Data when the law allows us to. Most commonly, we will use your Personal Data in the following circumstances.
-
Where we need to perform the contract we are about to enter into or have entered into with you.
-
Where it is necessary for our legitimate interests (or those of a third party), and your interests and fundamental rights do not override those interests.
-
Where we need to comply with a legal or regulatory obligation.
We will only use your Personal Data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your Personal Data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your Personal Data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
Nua Group uses information collected for the following purposes based on our legitimate interests:
-
To communicate with you;
-
To evaluate you for employment with Nua Group;
-
To administer and protect our business and the Services including troubleshooting, data analysis, security, testing, system maintenance, support, reporting, technical functionality, hosting of data, and in the context of a business reorganization or group restructuring exercise;
-
To prevent and investigate fraud and other misuses of the Services;
-
To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you;
-
To use data analytics to improve our website, products/Services, marketing, client relationships and experiences; or
-
To make suggestions and recommendations to you about products or Services that may be of interest to you.
We also use your Personal Data when necessary for the performance of a contract or to comply with legal obligations in the following contexts:
-
To perform the Services;
-
To set up and maintain your account with us;
-
To manage our relationship with you which will include:
-
Notifying you about changes to our terms or privacy policy
-
Asking you to leave a review or take a survey
-
Responding to your questions and inquiries
-
​
6. HOW WE SHARE INFORMATION
We may share Personal Data collected via the Services with service providers. Nua Group shares information with Nua Group’s other third-party service providers that perform Services on our behalf, such as payment processing, web hosting, video encoding, or data storage. Additionally, we may share your information with companies that are conducting marketing and advertising to benefit Nua Group. These third party companies may use your contact information for communications and marketing purposes that support our activities. You are under no obligation to respond and the companies are restricted from using your contact information for any other purpose. Nua Group will ensure that any service provider with which we share Personal Data agrees to safeguard it in substantially the same manner as Nua Group has described in this Privacy Policy and in accordance with all applicable laws.
Nua Group may aggregate information collected though the Services and remove identifiers so that the information no longer identifies or can be used to identify an individual (“Anonymized Information”). Nua Group shares Anonymized Information with third parties and does not limit third parties’ use of the Anonymized Information because it is no longer Personal Data.
Nua Group may share Personal Data if Nua Group is involved in a merger, sale, acquisition, divestiture, restructuring, reorganization, dissolution, bankruptcy or other change of ownership or control (in whole or in part). Nua Group requires that the shared Personal Data remain subject to the promises made in the then-current Privacy Policy, unless and until you agree to a new privacy terms.
​
Applicable law may require Nua Group to disclose your Personal Data if: (i) reasonably necessary to comply with legal process (such as a court order, subpoena or search warrant) or other legal requirements; (ii) disclosure would mitigate Nua Group’s liability in an actual or threatened lawsuit; (iii) necessary to protect legal rights of Nua Group, users, customers, business partners or other interested parties; or (iv) necessary for the prevention or detection of crime (subject in each case to applicable law). For residents of the European Economic Area (“EEA”), Nua Group will disclose Personal Data only when permitted to do so under applicable European and EU Member States’ national data protection laws and regulations.
California Shine the Light Law: California Civil Code Section 1798.83 permits users who are California residents to obtain from us once a year, free of charge, a list of third parties to whom we have disclosed personal information (if any) for direct marketing purposes in the preceding calendar year. If you are a California resident and you wish to make such a request, please send an e-mail with “California Privacy Rights” in the subject line to privacy@nuahr.com or write us at: Nua Group LLC, c/o Privacy Inquiries, 201 California Street, Suite 300, San Francisco, CA 94111.
7. MINOR’S PRIVACY
The Services are not directed to or intended for individuals under the age of 18. Consistent with the requirements of applicable law, if we learn that we have received any information directly from a minor without his or her parent’s verified consent, we will use that information only to respond directly to that child (or his or her parent or legal guardian) to inform the minor that he or she cannot use the Services and subsequently will delete that information.
California Minors: While the Service is not intended for anyone under the age of 18, if you are a California resident who is under the age of 18 and you are unable to remove publicly-available content that you have submitted to us, you may request removal by contacting us at: privacy@nuahr.com. When requesting removal, you must be specific about the information you want removed and provide us with specific information, such as the URL for each page where the information was entered, so that we can find it. We are not required to remove any content or information that: (1) federal or state law requires us or a third party to maintain; (2) was not posted by you; (3) is anonymized so that you cannot be identified; (4) you don’t follow our instructions for removing or requesting removal; or (5) you received compensation or other consideration for providing the content or information. Removal of your content or information from the Service does not ensure complete or comprehensive removal of that content or information from our systems or the systems of our service providers. We are not required to delete the content or information posted by you; our obligations under California law are satisfied so long as we anonymize the content or information or render it invisible to other users and the public.
​
​
8. HOW WE PROTECT YOUR PERSONAL DATA
The privacy and protection of your information is important to Nua Group. Nua Group implements reasonable physical, technical, and administrative security standards to protect the security of personal information collected. Despite our best efforts to secure your information, the security of information transmitted over the internet cannot be guaranteed and you acknowledge this when you choose to access, visit and/or use the Site. We limit access to confidential information to those employees, and employees of our affiliates and service providers, who require the information to provide our products or services. THE SITE AND ALL INFORMATION THAT YOU SUBMIT THROUGH THE SITE IS COLLECTED, STORED, AND PROCESSED IN THE UNITED STATES WITHIN DATABASES CONTROLLED BY NUA GROUP. IF YOU ARE LOCATED OUTSIDE OF THE UNITED STATES, INFORMATION WE COLLECT (INCLUDING COOKIES) ARE PROCESSED AND STORED UN THE UNITES STATES, WHICH MAY NOT OFFER THE SAME LEVEL OF PRIVACY PROTECTION AS THE COUNTRY WHERE YOU RESIDE OR ARE A CITIZEN.
​
9. DATA RETENTION
We retain Personal Data in identifiable form subject to our Data Retention Policy. In most cases we retain Personal Data only for as long as necessary to fulfill the purposes for which the Personal Data was provided to Nua Group, or, if longer, to comply with legal obligations, to resolve disputes, to enforce agreements and similar essential purposes. To determine the appropriate retention period for Personal Data, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements.
​
​
10. ACCESSING AND UPDATING YOUR PERSONAL INFORMATION
You may request access to your personal information or correct and error or omission in your personal information by contacting us at privacy@nuahr.com or write us at: Nua Group LLC, Privacy Inquiries, 201 California Street, Suite 300, San Francisco, CA 94111. We will make good faith efforts to resolve requests to correct inaccurate information except where the request is unreasonable, requires disproportionate technical effort or expense, jeopardizes the privacy of others, or would be impractical. Residents of the EEA and California may have additional rights concerning the access and updating of their Personal Data (see Sections 11 and 12 below ).
​
11. THE GENERAL DATA PROTECTION REGULATION (“GDPR”)
Residents of the EEA may be entitled to other rights under the GDPR. These rights are summarized below. We may require you to verify your identity before we respond to your requests to exercise your rights. If you are entitled to these rights, you may exercise these rights with respect to your Personal Data that we collect and store:
-
the right to withdraw your consent to data processing at any time (please note that this might prevent you from using certain aspects of the Services);
-
the right of access your Personal Data;
-
the right to request a copy of your Personal Data;
-
the right to correct any inaccuracies in your Personal Data;
-
the right to erase your Personal Data;
-
the right to data portability, meaning to request a transfer of your Personal Data from us to any other person or entity as chosen by you;
-
the right to request restriction of the processing of your Personal Data; and
-
the right to object to processing of your Personal Data.
You may exercise these rights free of charge. These rights will be exercisable subject to limitations as provided for by the GDPR. Any requests to exercise the above listed rights may be made to: privacy@nuahr.com. If you are an EEA resident, you have the right to lodge a complaint with a Data Protection Authority about how we process your Personal Data at the following website: https://edpb.europa.eu/about-edpb/board/members_en
International Transfers of Personal Data
Whenever we transfer your Personal Data out of the EEA, we ensure a similar degree of protection is afforded to it by using a solution that enables lawful transfer of personal data to a third country in accordance with Article 45 or 46 of the GDPR (including the European Commission Standard Contractual Clauses).
For additional information on the mechanisms used to protect your Personal Data, please contact us at privacy@nuahr.com.
​
​
12. CALIFORNIA RESIDENTS
Data Collection
Our Services collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device (“personal information”). In particular, the Services collect or may have collected in the last twelve (12) months the categories of personal information as described in Section 2 above.
Use of Personal Information
We may use or disclose the personal information we collect for one or more of the business purposes indicated in Section 5 above.
We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.
Sharing Personal Information
We may disclose your personal information to a third party for a business purpose. When we disclose personal information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract. We share your personal information with the categories of third parties listed in Section 6 above.
In the preceding twelve (12) months, we have disclosed the following categories of personal information for a business purpose:
-
Identifiers
-
California Customer Records personal information categories
-
Protected classification characteristics under California or federal law
-
Internet or other similar network activity
-
Geolocation data
-
Professional or employment-related information
-
Inferences drawn from other personal information
We do not sell personal information. In the event that we do sell any personal information, we will update this Privacy Policy to list the categories of consumers’ personal information sold.
Your Rights and Choices
The CCPA provides consumers (California residents) with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.
Right to Access Specific Information and Data Portability Right
You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past twelve (12) months. Once we receive and confirm your verifiable consumer request, we will disclose to you:
-
The categories of personal information we collected about you.
-
The categories of sources for the personal information we collected about you.
-
Our business or commercial purpose for collecting or selling that personal information.
-
The categories of third parties with whom we share that personal information.
-
The specific pieces of personal information we collected about you (also called a data portability request).
-
If we disclosed your personal information for a business purpose, the business purpose for which personal information was disclosed, and the personal information categories that each category of recipient obtained.
Right to Delete
You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.
Exercising Your Rights
To exercise the access, data portability and deletion rights described above, please submit a verifiable consumer request to us by either:
Calling us at: (888) 403-0390
Emailing us at: privacy@nuahr.com
Mailing us at: Nua Group LLC,
c/o Privacy Inquiries
201 California Street
Suite 300
San Francisco, CA 94111
For submissions via email, please complete and send us a completed copy of this Verifiable Consumer Request Form.
Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.
You may only make such a request for access or data portability twice within a 12-month period. The verifiable consumer request must provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative, and describe your request with sufficient detail that allows us to properly understand, evaluate and respond to it.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. We will deliver our written response electronically. Any disclosures we provide will only cover the 12-month period preceding the receipt of the verifiable consumer request. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
Non-Discrimination
We will not discriminate against you for exercising any of your CCPA rights.
​
​
13. CHANGES TO THE PRIVACY POLICY
If we change this Privacy Policy, we will post the updated Privacy Policy and its effective date on this page. If Nua Group makes material changes that reduce your privacy rights, Nua Group will notify you in advance by sending you an email and/or by posting a notice in the Services.
14. HOW TO CONTACT US
If you have any questions, comments, or concerns about how we handle your Personal Data, you may contact us at privacy@nuahr.com or write to us at:
Nua Group LLC
236 W Portal Avenue, #320
San Francisco, CA 94127