California Privacy Notice
January 1, 2020
This privacy notice applies only to California residents. It describes how Doximity collects, uses and shares Personal Information of California residents in connection with their use of the Service and their rights with respect to that Personal Information. For purposes of this notice, “Personal Information” has the meaning given in the California Consumer Privacy Act of 2018 (“CCPA”) but does not include information exempted from the scope of the CCPA, including protected health information subject to the Health Insurance Portability and Accountability Act of 1996 (HIPAA). This notice is intended to supplement, and should be read in conjunction with, our
- Categories of Personal Information we collect and share with third parties for business and commercial purposes.
The following is a list of all categories of Personal Information specified in
of the CCPA that Doximity has collected from California residents in the twelve (12) months prior to the Effective Date, together with (1) examples of the types of Personal Information we collect within that category, and (2) the categories of sources from which we collect such Personal Information:
(1) examples of what we collect: name, username/password, email address, office and/or home address, office and/or personal phone numbers, and other similar identifiers; (2) sources: you, third parties including public sources, service providers, publications, commercial clients
- Commercial Information:
(1) examples of what we collect: prescribing history and claims data; (2) sources: third parties including service providers, commercial clients
- Online Identifiers:
(1) examples of what we collect: cookies, device identifiers, IP addresses; (2) sources: you
- Internet or Network Information:
(1) examples of what we collect: browsing and search history, click stream data, and session logs; (2) sources: you
- Geolocation Data:
(1) examples of what we collect: city, state, and zip code; (2) sources: you (directly and indirectly from your IP address)
(1) examples of what we collect: inferred preferences and interests; (2) sources: automatically generated internally based on other information we collect about your use of the Service as described in this notice
- Professional Employment Information:
(1) examples of what we collect: current and past employment; (2) sources: you and third parties including business partners, service providers, commercial clients, employers, public sources, publications
- Protected Classification Characteristics:
(1) examples of what we collect: age and sex (we may not intentionally collect this information, but it may be revealed by other information we collect, e.g., photo, year of graduation, affiliations, etc.); (2) sources: you and third parties including business partners, employers, service providers, public sources
- Physical Description:
(1) examples of what we collect: physical description apparent from a photo; (2) sources: you, employers, public sources, business partners
You can learn more about our Personal Information
sources, the business or commercial
for which we collect your Personal Information, and the categories of third parties with whom we
your Personal Information in our
- Your California privacy rights.
California residents have the rights listed below. However, these rights are not absolute and exceptions apply, so in certain cases we may decline your request as permitted by law.
You can request the following information about how we have collected and used your Personal Information during the past 12 months:
- The categories of Personal Information that we have collected
- The categories of sources from which we collected Personal Information
- The business or commercial purpose for collecting and/or selling Personal Information
- The categories of third parties with whom we share Personal Information.
- Whether we have disclosed your Personal Information for a business purpose, and if so, the categories of Personal Information received by each category of third party recipient
- Whether we’ve sold your Personal Information, and if so, the categories of Personal Information received by each category of third party recipient
You can request a copy of the Personal Information that we have collected about you during the past 12 months.
You can ask us to delete the Personal Information that we have collected from you.
- Opt-out of sales.
If we sell your Personal Information, you can opt-out.
You are entitled to exercise the rights described above free from discrimination. This means that we will not penalize you for exercising your rights by taking actions such as denying you services; increasing the price/rate of services; decreasing service quality; or suggesting that we may penalize you as described above for exercising your rights.
- How to exercise your rights
If you are a California resident, you may exercise your California privacy rights described above, subject to certain exceptions, as follows:
- You can request to exercise your information, access and deletion rights by contacting us via your account at
email@example.com. We will verify your request using information associated with your Doximity account. Government identification may be required. We cannot process your request if you do not provide us with sufficient detail to allow us to understand and respond to it. Also, if we are unable to verify your identity, we may not be able to fulfill your request. We do not keep sufficient information to enable us to readily link an identified individual with information collected from such individual in connection with a prior visit to the Service unless the individual accessed the Service as a logged-in member.
- Note that we may deny your deletion request if retaining your information is necessary for us or our service providers to:
- Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, or otherwise perform our contract with you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Debug products to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information's deletion may likely render impossible or seriously impair the research's achievement, if you previously provided informed consent.
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
- Comply with a legal obligation
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
Also, the CCPA temporarily exempts personal information reflecting a written or verbal business-to-business communication from some of its requirements, including access and deletion rights.
- Response times and format. We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to 45 additional days), we will inform you of the reason and extension period in writing. If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. Any disclosures we provide will only cover the 12-month period preceding our receipt of a verifiable consumer request. The response we provide will also explain the reasons we cannot comply with a request, if applicable. We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
- Right to opt-out of the "sale" of your Personal Information. Like many providers of free online resources, Doximity relies on advertising revenue to support the operation and development of our websites, apps, and the associated services that we offer our members for free, including editorial content, communication tools, and professional networking and employment opportunities. Also, like some other providers of online commercial resources intended for use by healthcare professionals, we may report to our commercial clients if and how specific Doximity members engaged with their advertising content displayed on the Doximity platform, as described in our
firstname.lastname@example.org. We will send a message to your Doximity account asking that you verify your request. Please note that we do not provide advertisers with our members' personal contact information or information about non-member visitors.
- Changes to this Privacy Notice.
Doximity reserves the right to modify this notice at any time in our sole discretion as described in our
- Contact Information.
If you have any questions about this notice or Doximity’s privacy practices, or wish to exercise your rights under California law, please do not hesitate to contact us at:
500 3rd Street, Suite 510
San Francisco, CA 94107
Attn: Legal Department