This page contains additional information for residents of certain U.S. states that have their own privacy laws and regulations, including the rights available to residents of those states as of the effective date of each law and regulation. This content supplements our Privacy Policy and includes our notice regarding data collection under California law and other U.S. States.
Effective January 1, 2023
This notice to California residents is provided under California law. It explains your privacy rights, provides our “notice at collection,” and provides certain mandated disclosures about our treatment of California residents’ information, both online and offline.
NOTICE OF COLLECTION OF PERSONAL INFORMATION
We may collect the following categories of personal information about our guests and users of our digital properties: identifiers/contact information, commercial information, Internet or other electronic network activity information, geolocation data, audio, electronic, visual or similar information, and inferences drawn from the above.
We collect this information so that we can best serve you, including to fulfill your requests and to share offers that we think you may be interested in. A more detailed description of these purposes is in our Privacy Policy.
Disclosures/Sharing/Selling
California residents also have the right to “opt out” of the “sale” or “sharing” of their “personal information” to or with “third parties” (as those terms are defined under law).
“DO NOT SELL OR SHARE MY PERSONAL INFORMATION” RIGHTS
You or your authorized agent can opt out of the “sale” or “sharing” of your personal information to third parties.
Certain data collection on our sites and applications for purposes of interest-based advertising and social media tools may be a “sale” or “sharing” under California privacy law. Instructions for how you can exercise these rights are set forth below in the “California Residents’ Rights” section.
CALIFORNIA RESIDENTS’ RIGHTS
Right to Access
You have the right to request, up to two times each year, access to categories and specific pieces of personal information about you that we collect, use, disclose, sell, and share.
Right to Delete
You have the right to request that we delete personal information that we collect from you, subject to applicable legal exceptions.
Right to Correct
You have the right to request that we correct inaccurate personal information that we maintain about you, subject to applicable legal exceptions.
Right to Opt Out of Sale or Sharing of Personal Information
You have the right to “opt out” of the “sale” or “sharing” of your “personal information” to or with “third parties” (as those terms are defined by applicable law).
EXERCISING YOUR CALIFORNIA PRIVACY RIGHTS
Making Access, Deletion, and Correction Requests
To make an access, deletion, or correction request, please visit this formular. Before completing your request, we may need to verify your identity. We will send you a link to verify your email address and may request additional documentation or information solely for the purpose of verifying your identity.
Instructions for Authorized Agents Making Requests
You may also use an authorized agent to submit an access, deletion, or correction request on your behalf. Authorized agents may submit such requests at https://www.medlist.us/node/72. An authorized agent must have your signed permission to submit a request on your behalf or provide proof that they have power of attorney in accordance with California probate law. Before completing requests from authorized agents, we may contact you directly to confirm you’ve given your permission and/or to verify your identity.
Making Requests to “Opt Out” of the “Sale” or “Sharing” of “Personal Information”
To submit a request to opt out of the sale or sharing of your personal information, you may click on the link “Do Not Sell or Share My Personal Information” on the footer of our websites or you may choose to enable online, where available, a universal tool that automatically communicates your opt-out preferences, such as the Global Privacy Control (“GPC”). We will process the GPC signal as a request to opt out. You may also use an authorized agent to submit a request to opt out on your behalf if you provide the authorized agent signed written permission to do so. Authorized agents may submit requests to opt out by visiting this formular for agents. You have the right not to receive discriminatory treatment for the exercise of your privacy rights.
Shine the Light Act
If you are a California resident, California Civil Code Section 1798.83 permits you to request information regarding the disclosure of your personal information by certain members of medlist.us to third parties for the third parties’ direct marketing purposes. We take great pride in the relationship of trust we have built with our guests over many years and we are dedicated to treating your personal information with care and respect. Pursuant to California Civil Code Section 1798.83(c)(2), members of medlist.us do not share guests’ personal information with other member companies or others outside of medlist.us for those parties’ direct marketing use unless a guest elects that we do so.
Removal of Content
If you are a California resident under the age of 18, and a registered user of any site where this policy is posted, California Business and Professions Code Section 22581 permits you to request and obtain removal of content or information you have publicly posted.
To make such a request, please send an email with a detailed description of the specific content or information to email usprivacy@medlist.us. Please be aware that such a request does not ensure complete or comprehensive removal of the content or information you have posted and that there may be circumstances in which the law does not require or allow removal even if requested.
CPA COLORADO PRIVACY ACT
On July 7, 2021, Colorado Governor Jared Polis signed the Colorado Privacy Act (CPA) into law (SB 21-190). Unless a referendum petition is filed within 90 days after the date the legislature adjourned, the law will take effect on July 1, 2023.
Colorado is the third state to pass comprehensive data privacy legislation, after Virginia passed the Virginia Consumer Data Protection Act (VCDPA) and California also passed a new data privacy law by ballot initiative, the California Privacy Rights Act (CPRA), which will expand the scope of protections previously afforded to California residents by the California Consumer Privacy Act (CCPA) of 2018. It borrows various elements from the European Union's General Data Protection Regulation (GDPR), CPRA, CCPA, and VCDPA.
What is the CPA?
The Colorado Privacy Act (CPA) is a state law that gives consumers the right to know what personal information is being collected about them, why it is being collected, and how it will be used. CPA also gives consumers the right to control how their personal information is used and to delete their personal information.
Consumers are defined in the CPA to include Colorado residents acting in their individual or household contexts. The CPA excludes individuals acting in a commercial or employment context, job applicants, and beneficiaries of someone acting in an employment context from its consumer definition.
The CPA’s broad personal data definition includes any information linked or reasonably linkable to an identified or identifiable individual or natural person. Still, it excludes de-identified data or publicly available information as narrowly defined in the law.
The law defines sensitive data to include personal data revealing racial or ethnic origin, religious beliefs, a mental or physical health condition or diagnosis, sex life or sexual orientation, citizenship or citizenship status, genetic or biometric data that may be processed for the purpose of uniquely identifying an individual, and the personal data of a known child.
What are the consumer rights under the CPA?
The CPA grants consumers, or the parents or guardians of children under 13, the right to:
- Opt out of processing their personal data, or authorize another person to opt-out on their behalf, for:
- targeted advertising;
- personal data sales; or
- profiling, which has legal or other significant effects on the consumer, as defined by the CPA. - Know whether a controller processes their personal data.
- Access, correct, and delete their personal data.
- Obtain a copy of their personal data in a commonly used and machine-readable format, known in other jurisdictions as the right to data portability, up to two times per year.
CTDPA CONNECTICUT DATA PRIVACY ACT
The law is quite comprehensive with strict provisions on a data subject’s rights to request data deletion data and withdraw their consent. The law also has a provision giving a data subject an explicit right to request that data collected about them, and not from them, be deleted. Although it was enacted on May 10, 2022, the new Connecticut data privacy law will go into effect on July 1, 2023.
How does Connecticut’s Privacy Law compare to other Data Protection Regulations?
Connecticut’s Privacy law is like Colorado’s and Virginia’s Privacy Acts. The law has similar personal data security and disclosure requirements for businesses that meet prescribed thresholds. However, Connecticut’s Privacy law has two shortcomings:
It does not require controllers or processors to perform Data Protection Impact Assessments (DPIAs) when processing minors’ data. The DPIA is also not required when processing data for the purpose of profiling.
The Privacy law does not include any provisions for data breach notifications. However, Connecticut’s General Statute regarding data privacy breaches was updated late last year with a time period of 60 days for notification. Colorado, in comparison, only allows 30 days for data subject notification.
NEW YORK PRIVACY ACT
New York will get a law like California’s CCPA. Law makers reintroduced the Senate Bill for the New York Privacy Act in the State Senate in February 2022. The Bill aims to provide consumers with new rights such as the rights of access, correction, and to challenge automated decision-making.
Law makers also reintroduced the Assembly Bill for the New York Privacy Act to the State Assembly in February 2022. This Bill is like the Senate Bill with some differences. For example, the Assembly Bill requires businesses to maintain reasonable security measures, to notify consumers of foreseeable harm, and to obtain specific consent.
These Bills failed to progress in 2021. There could be many reasons behind it. However, the fact that these Bills were reintroduced early in 2022 may mean that it will soon become law.
UTAH CONSUMER PRIVACY ACT
In March 2022, Utah’s Consumer Privacy Bill passed the State House. The Bill still has several hurdles to jump through before becoming law. Leaders from both legislative chambers will need to provide their signatures before the 2022 session adjournment on 4 March 2022.
Utah’s Consumer Privacy Bill commencement date
It is still a Bill and has not yet been enacted. On 24 March 2022, The Utah State Governor signed the Senate Bill. It is expected to come into effect on 31 December 2023.
VCDPA VIRGINIA CONSUMER DATA PROTECTION ACT
Effective January 1, 2023
This notice to Virginia residents is provided under Virginia law. It explains your privacy rights and provides certain mandated disclosures about our treatment of Virginia residents’ information, both online and offline.
The CDPA regulates privacy and data protection matters in Virginia. The law gives consumers the right to access their data and to lodge requests that businesses must delete their personal information. The CDPA requires companies to conduct data protection assessments related to their processing of personal data for targeted advertising and sales purposes.
VIRGINIA RESIDENTS’ RIGHTS
Virginia law provides Virginia residents with the rights listed below.
Right to Access
You have the right to confirm whether we are processing your personal data and to access your personal data.
Right to Correct
You have the right to correct inaccuracies in your personal data, taking into account the nature of the personal data and the purposes of the processing.
Right to Delete
You have the right to delete personal data provided by or obtained about you.
Right to Portabilit
You have the right to obtain a portable copy of the personal data that you provided to us.
Right to Opt Out
You have the right to opt out of targeted advertising (as defined under Virginia law). We do not sell data as defined under Virginia law.
EXERCISING YOUR VIRGINIA PRIVACY RIGHTS
Making Access, Deletion, and Correction Requests
To make an access, deletion, or correction request, please visit this formular. Before completing your request, we may need to verify your identity. We will send you a link to verify your email address and may request additional documentation or information solely for the purpose of verifying your identity.
Making Requests to “Opt Out” of Targeted Advertising
To submit a request to opt out of targeted advertising, you may click on the link “Do Not Sell or Share My Personal Information” on the footer of our websites or you may choose to enable online, where available, a universal tool that automatically communicates your opt-out preferences, such as the Global Privacy Control (“GPC”). We will process the GPC signal as a request to opt out.
To appeal our decision regarding a request related to these rights, you may email us at usprivacy@medlist.us.
These sections applies to residents of certain US states where specific privacy laws may grant them additional rights with respect to their personal information. If you are a resident of one of these states, you may have the right to:
- Request access to the personal information we have collected about you in the past 12 months.
- Request deletion of the personal information we have collected about you, subject to certain exceptions.
- Opt out of the sale of your personal information to third parties, if applicable.
- Not be discriminated against for exercising your privacy rights.