Notice for California Residents
Information We Collect
We collect information to conduct our business and provide a service to the community. Categories of information that we collect, including information collected in the past 12 months via this website is indicated in the table below.
|Category||Examples||One or More Collected|
|A. Identifiers||Identifiers such as a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers.||Yes|
|B. Biometric Information||An individual's physiological, biological or behavioral characteristics, including an individual’s deoxyribonucleic acid (DNA), that can be used, singly or in combination with each other or with other identifying data, to establish individual identity. This also includes sleep, health, or exercise data that contain identifying information.||No|
|C. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).||A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories.||Yes (only when submitted through a form)|
|D. Protected classification characteristics under California or federal law.||Age (40 years or older), race, color, ancestry, national origin, citizenship, religion, marital status, medical condition, physical disability, mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth, and related medical conditions), sexual orientation, sexual orientation, genetic information (including familial genetic information).||No|
|E. Commercial Information.||Commercial information, including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.||No|
|F. Internet or other electronic network activity information.||Includes, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with our Internet Web site, application, or advertisement. We use tracking from Google Analytics, Facebook, and InspectLet to track the activity of users to enhance user experience and engagement.||Yes|
|G. Geolocation Data.||Physical location or movements of an individual through IP.||Yes|
|H. Sensory Data.||Audio, electronic, visual, thermal, olfactory, or similar information.||No|
|I. Professional or employment-related information.||Past job history or job performance information.||No|
|J. Education Information.||Defined as information that is not publicly available, personally identifiable information as defined in the Family Educational Rights and Privacy Act (20 U.S.C. section 1232g, 34 C.F.R. Part 99). This includes education records on students.||No|
|K. Inferences drawn from other personal information.||Profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.||No|
Personal information we collect does not include publicly available information such as:
- Publicly available information from government records
- De-identified or aggregated consumer information exempted from the California Consumer Privacy Act (CCPA), such as:
- Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA);
- Personal information covered by certain privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California
- Financial Information Privacy Act (FIPA), and the Driver's Privacy Protection Act of 1994.
How Is Personal Information Obtained
The information we obtained above comes from the following sources:
- Visitors to our websites that fill out our web forms.
- Indirectly from outside sources including visitors submitting information about their provider to us.
Usage of Personal Information
We may use or disclose personal information we collect for one or more of the following business purposes:
- To help you receive the information and services you are seeking from us.
- To help you receive information that is of interest and benefit to you such as newsletters, access to our lupus symptoms checklist results, and to provide more detailed information on how we can help you.
- To provide customer support.
- To provide education on using our services.
- To provide test kits to providers.
- To provide insurance and billing information.
- To respond to sales inquiries.
- To respond to forms filled out on our Contact Us form.
- To respond to emails sent to our company emails.
- To improve how you interact with our websites.
- To respond to law enforcement requests, court orders, or government investigations.
Sharing Personal Information
Your personal information may be disclosed to a third party for certain business purposes. When we disclose personal information for a business purpose, we require both parties to keep that personal information confidential and not use it for any purpose except in the performance of the contract we enter into with them.
In the previous twelve (12) months, we have disclosed the following categories of personal information for a business purpose:
Category A: Identifiers
Category C: Personal information from California Customer Records statute
Category E: Commercial information
Category F: Internet & Other Network Activity
We disclose your personal information for a business purpose to the following categories of third parties:
- Service providers
- Subcontractors and consultants
- Third parties to whom you authorize us to disclose your personal information to such as healthcare providers
Selling Personal Information
Exagen Inc. does not sell any personal information to third parties.
Exagen Inc. will retain your personal information for as long as reasonably necessary to fulfill the purposes for which we collected it and to satisfy any applicable legal, regulatory, or reporting requirements.
Your Rights Under the CCPA
The CCPA provides consumers with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.
Access to Personal Information
You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and verify your request, we will disclose to you:
- The personal information we collected about you.
- The commercial purpose for collecting that personal information.
- The information that was shared with third parties.
- The specific pieces of personal information we collected about you.
You have the right to request that we delete any personal information collected, unless retaining the information is necessary for us or our service providers to:
- Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Debug products to identify and repair errors that impair existing intended functionality.
- Exercise free speech ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 ).
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
- Comply with a legal obligation.
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
Once we receive and confirm your verifiable consumer deletion request, we will delete (and direct our service providers, subcontractors, and consultants to delete) your personal information, unless an exception applies as laid out above.
Exercising Your Rights
To request access to your personal information or request deletion, please submit a verifiable consumer request through one of the following methods:
Only you or a person authorized to act on your behalf may make a consumer request related to your personal information.
You may only request a copy of your data twice within a 12-month period. The request must:
- Provide sufficient information to allow us to reasonably verify you are the person about whom we collect personal information or an authorized representative.
- We cannot respond to your request or provide you with personal information if we cannot verify your identity.
Our goal is to respond to verified requests within 45 days. Any disclosures we provide will cover only the 12-months prior to the request. We will not charge a fee to respond to a deletion request unless it is requested more than two times in a 12-month period. You will know the fee estimate before we process your request.
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
- Deny you goods or services.
- Charge you different prices or rates for goods or services
- Provide you a different level or quality of goods or services.
If you have any questions or comments about CCPA, this policy, your rights, or to request a deletion please contact us through the information below:
Data Protection Officer
1261 Liberty Way
Vista, CA 92081
Email: [email protected]
Effective Date: December 31st, 2019