This California Consumer Privacy Rights Notice (“Notice”) sets forth MNM Bioscience, Inc.’s disclosure obligations under California law, including the California Consumer Privacy Act of 2018 (“CCPA”) and the California Civil Code section 1798.83. This Notice provides the additional details regarding the information defined as ‘personal information’ under applicable California law and related to a California resident or household (“Consumers” and “You”) further referred to as “Personal Information.”
Personal Information Collected and Disclosed
MNM Bioscience collects, uses and/or discloses Personal Information as follows:
Category A Identifiers & B Personal Information
Category D: Commercial Information
Category F: Internet/Network Activity
Category K: Inferences from Data Collected
Other Potential Third Party Disclosures: Personal Information may also be disclosed to third parties to serve our legitimate business interests as follows: (1) as required by law, such as to comply with a subpoena, or similar legal process, (2) as part of a merger, acquisition, bankruptcy or other transaction in which a third party assumes control of all or part of the business, (3) to investigate, prevent, or take action regarding suspected or actual illegal activities or to assist government enforcement agencies as required by law; (4) enforce our agreements with you, and/or (5) investigate and defend ourselves against any third-party claims or allegations.
Sale of Personal Information
MNM Bioscience does not sell and will not sell your Personal Information - we are not data brokers, and we don’t put your personal data on the open market. However, under the CCPA regulations, some sharing of personal information necessary to provide you with personalized ads may be considered a “sale,” even if no money is exchanged. We aren’t changing how we share your data, but we want to make sure you have choices under the new definition of “sale.”
MNM Bioscience is not sharing your information with any advertising partners.
Your Consumer Rights Under CCPA – Right to Know About Personal Information Collected, Disclosed, or Sold California Consumers may contact MNM Bioscience to exercise the following California Privacy Rights:
- Request MNM Bioscience Disclose at No Charge:
Specific pieces of personal information it has collected about you; categories of Personal Information collected, used, and/or disclosed about you; categories of sources from which Personal Information is collected; business and/or commercial purposes for collecting and disclosing your Personal Information; categories of third parties with whom your Personal Information has been disclosed/shared; and Right to Know Requests can be submitted to MNM Bioscience by email firstname.lastname@example.org
- Request MNM Bioscience Delete at No Charge:
Except as exempted pursuant to CCPA 1798.105, to request MNM Bioscience delete Personal Information. Deletion Requests can be submitted to MNM Bioscience be email at email@example.com
- Verified Request Process
MNM Bioscience will verify all consumer requests prior to taking any action in response to such request. Under the CCPA, you may exercise these rights yourself or you may designate an authorized agent to make these requests on your behalf. Authorized agents must demonstrate they have written authorization from you to make requests on your behalf. MNM Bioscience may additionally require the consumer to confirm their identity and verify the authorized agent’s permission before complying with any request.
- Consumer Request Limitations
Please note that these rights are not absolute and in certain cases are subject to conditions or limitations as specified in the CCPA, including, but not limited to: MNM Bioscience is obligated to disclose/delete only upon a verifiable Consumer request from the consumer or an authorized agent acting on behalf of Consumer; Consumers may only make a personal information request twice in a 12-month period; Deletion is not required because it is necessary for MNM Bioscience to maintain the Personal Information to fulfill the purposes enumerated in CCPA Section 1798.105; MNM Bioscience will confirm and respond to all requests within the timeframe required under the CCPA. In responding to any request to disclose/delete, Company shall maintain a record of the requests as required under the CCPA.
You have the right not to receive discriminatory treatment for exercising any rights conferred by the CCPA. MNM Bioscience shall not discriminate against a consumer for exercising any rights under the CCPA, including, but not limited to, (a) denying goods or professional services, (b) charging different prices or rates (including discounts/penalties) that is not directly related to the value provided to MNM Bioscience for the Personal Information, (c) suggesting Consumer will receive a different rate/price or different level of quality of goods/professional services
Your California Privacy Rights under California Civil Code Section 1798.83 & Business and Professions Code Section 22581
California law permits Consumers to request and obtain from once a year, free of charge, certain information about their Personally Identifiable Information (“PII”) (as defined by California law) disclosed to third parties for direct marketing purposes in the preceding calendar year (if any). If applicable, this information would include a list of the categories of PII that was shared and the names and addresses of all third parties with which we shared information in the immediately preceding calendar year.
In addition, a business subject to California Business and Professions Code Section 22581 must allow any California resident under age 18 who are registered users of online sites, services or applications to request and obtain removal of content or information they have publicly posted. Your request should include a detailed description of the specific content or information to be removed. Please be aware that your request does not guarantee complete or comprehensive removal of content or information posted online and that the data privacy law may not permit or require removal in certain circumstances.
Accessibility of this CCPA Policy
You can download and print a copy of this Notice.
If you have any questions regarding your Personal Information or about our privacy practices, please contact us at:
MNM Bioscience, Inc.
Attention: Privacy Department
1 Broadway, Cambridge,
The Administrator of your Personal Information is MNM Bioscience Inc. based in Cambridge, 1 Broadway (MA 02142), hereinafter referred to as the Controller.
"Personal Data" means any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
GDPR means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC.
The term "Website" shall be understood to mean websites set up by the Administrator or social networks on which the Administrator has set up accounts.
The term "User" shall be understood as any natural person visiting the Website or using one or more services or functions made available on the Website.
The Data Protection Inspector of the Administrator is: Mr. Piotr Topolski, e-mail: firstname.lastname@example.org.
In connection with the User's use of the Website, the Administrator collects data to the extent necessary to provide the individual services offered, as well as information about the User's activity on the Website. Personal data of all individuals using the Service (including IP address or other identifiers and information collected through cookies or other similar technologies) is processed by the Administrator:
- The Administrator shall make available the possibility of contacting it by means of electronic contact forms. Using the form requires providing personal data necessary to contact the User and respond to the request. The User can also provide other data to facilitate contact or handling of the inquiry. Providing data marked as obligatory is required in order to accept and service the inquiry, and their failure to provide data results in the inability to service it. Providing other data is voluntary. In order to identify the sender and handle his inquiry sent through the form provided - the legal basis for processing is the necessity of the processing to perform the contract for the provision of services (Article 6 of the Act 1 letter f GDPR);
- For analytical and statistical purposes - then the legal basis of processing is the legitimate interest of the Administrator (Article 6 of the Act 1 lit. f GDPR), consisting of conducting analyses of Users' activities, as well as their preferences, in order to improve the used functionalities and provided services.
- For the purpose of possible establishment, investigation or defense against claims - the legal basis of processing is the Administrator's legitimate interest (Article 6 of the Act 1 letter f GDPR) consisting in the protection of their rights.
- In order to ensure the security of the IT system and its management, as well as for analytical and statistical purposes, the Administrator registers the User's activity on the website, including his/her personal data, in logs - in this regard, the legal basis of the processing is the Administrator's legitimate interest (Article 6 of Act 1, point f GDPR).
The period of data processing by the Administrator depends on the type of service provided and the purpose of processing. As a rule, data are processed for the period of service provision, until withdrawal of consent or lodging an effective objection to data processing in cases where the legal basis of data processing is the legitimate interest of the Administrator.
The data processing period may be extended if the processing is necessary to establish and assert possible claims or to defend against claims, and after this period only if and to the extent required by law. After the end of the processing period, the data are irretrievably deleted or anonymized.
The User has the right to access the data and to request rectification, erasure, restriction of processing, the right to data portability and the right to object to the processing of the data, as well as the right to lodge a complaint with the supervisory authority dealing with the protection of personal data.
To the extent that the User's data are processed on the basis of consent, the consent may be withdrawn at any time by contacting the Administrator or using the functions available on the Website.
The User has the right to object at any time to the processing of his/her data for direct marketing purposes, including profiling, if the processing is carried out in connection with the legitimate interest of the Administrator.
The User also has the right to object at any time to the processing of his/her data for reasons related to his/her particular situation in cases where the legal basis of data processing is the legitimate interest of the Administrator (e.g. in connection with the performance of analytical and statistical purposes, including profiling).
In connection with the provision of services, Personal Data will be disclosed to external entities, including in particular providers responsible for the operation of IT systems used to provide services, entities such as research companies, marketing agencies (within the scope of marketing services).
The Administrator reserves the right to disclose information about the User to the competent authorities or third parties who request such information, based on an appropriate legal basis and in accordance with applicable law.
The level of protection of personal data outside the European Economic Area (EEA) differs from that provided by European law. For this reason, the Controller transfers personal data outside the EEA only when necessary and with an adequate level of protection, primarily by:
- Cooperating with processors of personal data in countries for which a relevant European Commission decision has been issued;
- Using standard contractual clauses issued by the European Commission;
- Applying binding corporate rules approved by the relevant supervisory authority.
- The controller shall perform a risk analysis on an ongoing basis to ensure that personal data is processed by it in a secure manner, ensuring in particular that only authorized persons have access to the data and only to the extent necessary for the performance of their tasks. The Administrator ensures that all operations on personal data are recorded and performed only by authorized employees and co-workers.
The Administrator shall take all necessary steps to ensure that its subcontractors and other cooperating entities guarantee the application of appropriate security measures whenever they process personal data on behalf of the Administrator.