CHIME Therapy’s Additional Privacy Statement for EU, EEA and UK Users
If you are located in the European Union (EU), the European Economic Area (EEA) or the United Kingdom (UK), in certain circumstances, you have the right to exercise certain privacy rights available to you under applicable laws. We will process your request in accordance with applicable data protection laws.
Right not to provide consent or to withdraw consent. We may seek to rely on your consent to process certain personal data. Where we do so, you have the right not to provide your consent or to withdraw your consent at any time. This does not affect the lawfulness of the processing based on consent before its withdrawal.
Right of access and/or portability. You may have the right to access the personal data that we hold about you and, in some limited circumstances, have that data provided to you so that you can provide or “port” that data to another provider.
Correction: You have the right to correct any of your personal data we hold that is inaccurate.
Right of erasure. In certain circumstances, you may have the right to the erasure of personal data that we hold about you (for example if it is no longer necessary for the purposes for which it was originally collected, unless we have a legal obligation to retain your personal data, are required to retain your personal data for reasons of public interest or for the establishment, exercise or defense of legal claims).
Right to object to processing. You may have the right to request that CHIME Therapy stop processing your personal data and/or to stop sending you marketing communications.
Right to rectification. You may have the right to require us to correct any inaccurate or incomplete personal data.
Right to restrict processing. You may have the right to request that we restrict processing of your personal data in certain circumstances (for example, where you believe that the personal data we hold about you is not accurate or lawfully held).
Right to lodge a complaint to your local Data Protection Authority. You have the right to complain to your applicable data protection authority about our collection and use of your personal data.
1. How to Exercise Your Rights
To exercise any of the rights above, email us at support@heychime.com.
Please identify yourself and specify your request. If you have a password protected CHIME Therapy account, we will use your account information to verify your identity. If not, we will ask you to provide additional verification information. What we request will depend on the nature of your request, how sensitive the information is, and how harmful unauthorized disclosure or deletion would be.
Please note that a number of these rights only apply in certain circumstances, and all of these rights may be limited by law. For example, where fulfilling your request would adversely affect other individuals or our trade secrets or intellectual property, where there are overriding public interests, or where we are required by law to retain your personal data.
We use commercially reasonable efforts to delete your personal data as required but retain records where necessary to comply with a governmental authority or applicable law. Where legally permitted, we may decline to process requests, including requests that are unreasonably repetitive or systematic, require disproportionate technical effort, or jeopardize the privacy of others.
2. How do we share your personal data?
We don’t sell or rent your personal data to third parties, but we share your information with third parties in order to provide our Services. For example, we might share your personal data for:
Legal compliance and security reasons (including to protect our
Services and business, in our legitimate interests or as required by
law): We may disclose your account and other personal data if we believe
it is necessary to comply with the law, a court order or other legal
process or to protect the rights, property, or safety of CHIME Therapy,
you, other users, or others. This includes exchanging personal data with
other companies and organizations for fraud protection and credit risk
reduction or with regulators, law enforcement agencies, public
authorities, or any other relevant organizations:
i. in response to a legal obligation;
ii. if we have determined that it is necessary to share your personal
data to comply with applicable law or any obligations thereunder,
including cooperation with law enforcement, judicial orders, and
regulatory inquiries;
iii. to protect the interests of, and ensure the safety and security, of
us, our users, a third party or the public;
iv. to exercise or defend legal claims; and
v. to enforce our terms and conditions, other applicable terms of
service, or other agreements.
With service providers and vendors for business purposes in our
legitimate interests, or to perform a contract with you. Such third
parties include:
i. data analytics vendors for the purpose of obtaining aggregate
statistics about our visitors, traffic patterns and related website
information;
ii. security vendors;
iii. website hosting vendors;
iv. other vendors helping us to provide the service; and
v. payment processors.
These service providers assist us with many different functions and
tasks, such as providing data storage and disaster recovery services and
communicating with you.
When you request us to share certain information with third parties, with consent or to perform a contract with you. With your permission, we will disclose your personal data to relevant third parties.
With professional advisors, in our legitimate interests or as required by law. As necessary, we will share your personal data with professional advisors functioning as service providers such as auditors, law firms, or accounting firms.
With our affiliates, in our legitimate interests. We may share your personal data with companies within our corporate family.
In connection with an asset sale or purchase, a share sale, purchase or merger, bankruptcy, or other business transaction or re-organisation, in our legitimate interests. We will share your personal data with a prospective buyer, seller, new owner, or other relevant third party as necessary while negotiating or in relation to a change of corporate control such as a restructuring, merger, or sale of our assets.
We may also provide third parties with aggregate statistics, traffic patterns and related information. This aggregate information reflects the Service-usage patterns of visits to our Services each month, but they do not contain information that personally identifies you.
3. International Transfers
Federal law requires us to obtain, verify, and record personal information - such as your name, address and date of birth - in order to confirm your identity, social security number and banking information.
CHIME Therapy collects, retains, and uses PI from employees and subcontractors including the following:
● Information CHIME Therapy receives on applications or other forms, including, but not limited to, identifying information such as address, telephone number, e-mail address, social security number, date of birth, mother's maiden name, medical history;
● Federal Tax ID #;
● Medical records;
● Investment information;
● Background security checks
4. Information CHIME Therapy May Share
CHIME Therapy operates globally, which means personal data may be stored and processed (for example stored in a data center) in any country where we or our service providers have facilities or hold events. By using CHIME Therapy or providing personal data for any of the purposes stated above, you acknowledge that your personal data may be transferred to or stored in the United States or in other countries around the world. Such countries may have data protection rules that are different and less protective than those of your country.
If you are a resident of the EU, EEA or UK, and your personal data is transferred outside of the EU, EEA or the UK, as applicable, we transfer this data where this is necessary to perform our contract with you in order to provide the Services or where you consent.
Where we transfer personal data to third parties outside of the EU, EEA or the UK, we also rely on the European Commission’s model contracts for the transfer of personal data to third countries (i.e., the standard contractual clauses) (the “Model Clauses”), or any equivalent contracts issued by the relevant competent authority of the EU, EEA or the UK, as applicable, unless the data transfer is to a country that has been determined by the European Commission or the relevant UK authorities to provide an adequate level of protection for individuals’ rights and freedoms with respect to their personal data.
5. Retention
We will retain your information in accordance with the appropriate statutory limitation periods as required by local law, in line with our legitimate business purposes for as long as your account is active or for as long as needed to provide you with the Services, as required in order to comply with our legal obligations, a court order or to defend or pursue legal claims, in line with industry codes of practice, to resolve disputes and enforce our agreements.
This document was last updated on January 24, 2024. CHIME Therapy’s policies may be created, eliminated, changed or amended from time to time, and at any time, at the sole discretion of CHIME Therapy.