California Privacy Notice
Effective Date: January 1, 2020
- Categories of Personal Information we collect and share with third parties for business and commercial purposes. The following is a list of all categories of Personal Information specified in Section 1798.140(o) of the CCPA that Doximity has collected from California residents in the twelve (12) months prior to the Effective Date, together with (1) examples of the types of Personal Information we collect within that category, and (2) the categories of sources from which we collect such Personal Information:
- Identifiers: (1) examples of what we collect: name, username/password, email address, office and/or home address, office and/or personal phone numbers, and other similar identifiers; (2) sources: you, third parties including public sources, service providers, publications, commercial clients
- Commercial Information: (1) examples of what we collect: prescribing history and claims data; (2) sources: third parties including service providers, commercial clients
- Online Identifiers: (1) examples of what we collect: cookies, device identifiers, IP addresses; (2) sources: you
- Internet or Network Information: (1) examples of what we collect: browsing and search history, click stream data, and session logs; (2) sources: you
- Geolocation Data: (1) examples of what we collect: city, state, and zip code; (2) sources: you (directly and indirectly from your IP address)
- Inferences: (1) examples of what we collect: inferred preferences and interests; (2) sources: automatically generated internally based on other information we collect about your use of the Service as described in this notice
- Professional Employment Information: (1) examples of what we collect: current and past employment; (2) sources: you and third parties including business partners, service providers, commercial clients, employers, public sources, publications
- Protected Classification Characteristics: (1) examples of what we collect: age and sex (we may not intentionally collect this information, but it may be revealed by other information we collect, e.g., photo, year of graduation, affiliations, etc.); (2) sources: you and third parties including business partners, employers, service providers, public sources
- Physical Description: (1) examples of what we collect: physical description apparent from a photo; (2) sources: you, employers, public sources, business partners
- Your California privacy rights. California residents have the rights listed below. However, these rights are not absolute and exceptions apply, so in certain cases we may decline your request as permitted by law.
- Information. You can request the following information about how we have collected and used your Personal Information during the past 12 months:
- The categories of Personal Information that we have collected
- The categories of sources from which we collected Personal Information
- The business or commercial purpose for collecting and/or selling Personal Information
- The categories of third parties with whom we share Personal Information.
- Whether we have disclosed your Personal Information for a business purpose, and if so, the categories of Personal Information received by each category of third party recipient
- Whether we’ve sold your Personal Information, and if so, the categories of Personal Information received by each category of third party recipient
- Access. You can request a copy of the Personal Information that we have collected about you during the past 12 months.
- Deletion. You can ask us to delete the Personal Information that we have collected from you.
- Opt-out of sales. If we sell your Personal Information, you can opt-out.
- Nondiscrimination. You are entitled to exercise the rights described above free from discrimination. This means that we will not penalize you for exercising your rights by taking actions such as denying you services; increasing the price/rate of services; decreasing service quality; or suggesting that we may penalize you as described above for exercising your rights.
- How to exercise your rights
If you are a California resident, you may exercise your California privacy rights described above, subject to certain exceptions, as follows:
- You can request to exercise your information, access and deletion rights by contacting us via your account at firstname.lastname@example.org. We will verify your request using information associated with your Doximity account. Government identification may be required. We cannot process your request if you do not provide us with sufficient detail to allow us to understand and respond to it. Also, if we are unable to verify your identity, we may not be able to fulfill your request. We do not keep sufficient information to enable us to readily link an identified individual with information collected from such individual in connection with a prior visit to the Service unless the individual accessed the Service as a logged-in member.
- Note that we may deny your deletion request if retaining your information is necessary for us or our service providers to:
- Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, or otherwise perform our contract with you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Debug products to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information's deletion may likely render impossible or seriously impair the research's achievement, if you previously provided informed consent.
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
- Comply with a legal obligation
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
- Response times and format. We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to 45 additional days), we will inform you of the reason and extension period in writing. If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. Any disclosures we provide will only cover the 12-month period preceding our receipt of a verifiable consumer request. The response we provide will also explain the reasons we cannot comply with a request, if applicable. We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
Also, the CCPA temporarily exempts personal information reflecting a written or verbal business-to-business communication from some of its requirements, including access and deletion rights.
- Contact Information.
If you have any questions about this notice or Doximity’s privacy practices, or wish to exercise your rights under California law, please do not hesitate to contact us at:
500 3rd Street, Suite 510
San Francisco, CA 94107
Attn: Legal Department